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1. About this guide 

The WGS200's Configuration Guide was written to provide technical information to who is 
responsible for its configuration and setup. This guide assumes the person configuring the WGS200 
is familiar with the basics of computer networking. The WGS200 is the central equipment of the 
WirelessGEST product line and the WGConfig is its configuration interface. This guide also explains, 
dstep by step, how to use the WGConfig interface. These instructions include screenshots for each 
task. 

This Section contains information about the documents and Package that accompany your WGS200. 

1.1. Package Contents 



WGS200 - Internet Access Appliance 


User's Guide on CD-ROM 


AC Power Adapter 

Console Serial Cable 

Note: If any of the above items are missing, please contact your local Nonius commercial channel 
partner. 

1.1.1. About CD-ROM 

The CD-Rom contains the following: 

• WGS200 Documentation; 

• PDFCreator Software; 

• Adobe Acrobat Reader Software; 

• Number of useful links. 
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Note: If any of the above items are missing, please contact your local Nonius commercial channel 
partner. 

1.2. Documentation Comments 

Your suggestions are very important to us. They will help us making our documentation more 
useful to you. Please e-mail comments about this document to Nonius Software at: 

support@noniussoftware.com 

Please include the following information when commenting: 

• Document title 

• Release 

• Page number (if appropriate) 

Example: 

Document title: WGS200 Configuration Guide 
Release: 3.0.0 13/10/2008 (October 10, 2008) 

Page number: Page 21 (Network Menu) 
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2. Introducing the WirelessGEST Product Family 

The WGS200 is the core component for the management of wired/wireless networks, enabling the 
commercial offer of Internet access service. The WGS200 gathers the most complete set of 
functionalities available in the market at a low operational and maintenance cost, which allows a 
fast implementation of a small scale Internet Service Provider. 

The WGS200 may be adapted to several markets, depending on its configuration and on the client's 
requirements. The most common markets are the hospitality market (hotels), Estate condos, 
business (companies and business parks) and places with high volume of people's traffic like 
airports, train stations, public hotspots, etc. The next section, 2.1, makes a brief presentation of the 
WirelessGEST solution for the different markets. For application examples, please check chapter 5. 

2.1. WirelessGEST solutions 

2.1.1. WGHotel 

WGHotel is the solution for hotels [5.1]. It creates a network for public Internet access in the hotel, 
separating it from the hotel's internal network, using a firewall. The WGHotel solution is prepared to 
integrate the Internet billing with the hotel's billing system, by interfacing with the hotel's front- 
office system. When a room is checked-in, the information is sent to the WGS200 that automatically 
generates a username and a password for that room. The login data can then be sent to a ticket 
printer, located at the hotel's reception and this ticket may be attached to the room's key card. 

WGHotel may also provide 100% security to the hotel's clients when they connect to the public 
network, through a cabled connection. With the WG3PSW (WirelessGEST 3 rd -Party Switch) module 
the room's Ethernet plug may be enabled at check-in and disabled at check-out, prohibiting its 
usage when the room is not checked-in. WG3PSW may also configure one VLAN per room, 
preventing communication between different rooms in the same LAN. 

2.1.2. WGEstate 

WGEstate is the solution for condos [5.5]. The condominium shares the internet connection, 
through a Local Area Network installed in the building. The inhabitants can then have a wireless 
connection at their house and at low cost. Thanks to the functionalities of tariff and access control, 
only authorized users have access to the condo's internet connection. 

The WGEstate solution provides Quality of Service guarantees assuring that real time connections 
will always be prioritized over background connections. 

This solution is also prepared for realizing failover of multiple ADSL gateways and load balancing 
between several lines, meaning that the access lines are evenly used. 
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2.1.3. WGBizPark 

The WGBizPark [5.3] is the solution for companies and business parks. When applied to a company, 
it provides a hotspot for visitors. This hotspot is separated from the company's internal network, 
allowing the visitors to have Internet access, but no access to the company's important documents. 
The visitors will be asked to insert a username and password before accessing the Internet, which 
provides the company with a tool to control who is using their Internet connection. 

This solution is also prepared to provide VPN access to the company's internal network from the 
outside, allowing the company's workers to have access to the company's network from home or 
from any other point in the world. 

When applied to a business centre, it allows the administrator to control the Internet service 
provided to the residing companies. 

2.1.4. WGPublic 

WGPublic [5.2] is the solution adapted to the profile of airport users, commercial buildings, 
exhibition and congress centres, allowing the sharing of Internet access, and the provisioning of 
infrastructure to support information services and publicity. Typically, unlike hotels where one can 
find a reception desk, in these public places there is no central desk where to register for Internet 
access. Therefore, the WGPublic solution allows the users to register via the login page. This is 
ideal for free provisioning of Internet, but may be expanded for credit card billing, if required. 

The WGPublic solution also allows that remote DHCP-enabled Access Points, directly connected to 
Routers, route the users' packets to a remote IP, where the WGS200 is connected and where the 
captive portal and AAA server are running. This is the so-called "Layer 3" redirection mechanism 
[5.2], and is ideal when the remote routers are connected via a VPN to the router connected to the 
hotspot interface of the WGS200. 

2.1.5. WGHotspotClusterManager 

The WGHotspotClusterManager [5.4] is used when the client intends to connect several remote 
hotspots to a single authentication, authorization and accounting server, allowing the user to 
register in one of these hotspots and have Internet access in any of the other hotspots with the 
same username and password (this is an optional feature, if required the remote hotspots may be 
connected to the central AAA server, but the login data only works in a given hotspot). 

This solution requires one WGS200 to be installed in a central office and one Nonius' mini-gateway 
in each of the remote hotspots. The connection of the mini-gateways to the WGS200 is done via 
the Internet using an ADSL or CATV line (there must exist one line per hotspot). In each hotspot 
there will be a login page that may be specific to that hotspot. 

2.2. License Modules 

The following list is the set of License Modules available with the several WirelessGEST solutions. 
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Redundancy Module: this module enables the WGS200's redundancy. A master/slave working 
mode is then enabled. If the master fails, the slave guarantees the continuation of the service until 
the master takes over again. 

PayPal Module: the PayPal module allows the purchase of a login account via the Hotspot login 
page. Several pre-configured accounts will have an associated PayPal button that, when clicking on 
it, displays the PayPal web page allowing the user to buy the desired account using several 
payment methods (a PayPal account or Credit Card debit or Bank Transfer, etc.). 

High Avalability (Link Resiliency / Load Balancing / QoS) Module: this module enables a 
high-availability mode for the Internet service provisioning, between two ADSL lines. Link Resiliency 
includes a failover mechanism between the two ADSL routers; Load Balancing distributes internet 
sessions among the two routers and QoS enables packet classification and prioritization of 
management and real time traffic over background traffic. 

WG3PFO - Integration with Front-Office: The WG3PFO module is the interface with the hotel's 
Front-Office system. Currently integrated systems are: EasyLinq, EasyLynq-CLS, Micros Fidelio 
Opera, New-Hotel, Brilliant, Bilogica and Sihot. It works over a TCP/IP or serial connection. 

WG3PSW - Control Module Switches VLAN 802.1Q: The WG3PSW (WirelessGEST 3rd. Party 
Switch) is the module that controls the active equipment that is connected to the infra-structured 
network, controlling the Internet access through the active equipment, by enabling or disabling the 
switch's port. Moreover, it controls the establishment of independent VLANs for each network plug, 
guaranteeing privacy and total security to the customers. It is also the WG3PSW tool that enables 
the Room Auto Discovery feature. 

WGTicket - Tickets Print: If this module is enabled and a ticket printer is present and connected 
to the network, a ticket with the client's login data is printed. The ticket may be printed when 
WG3PFO is present or when the user is manually created through WGManager. 

WGPrintServer - Customer Printing: When this module is enabled, the users will be able to 
upload PDF files to the WGS200, using a web interface. There is a link to this web interface in the 
login page and in the pop-up window that is automatically opened when the user logs in. The 
uploaded files will be printed in a printer that the hotel may make available to its clients. The only 
supported printer is right now is the EPSON EPL-6200, HP Color LaserJet 3700, Samsung SXC- 
4725FN, Brother MFC-9420CN, Dell MFP Laser 3115cn (support for other printers may be developed 
at request). 

"f'Tip: Use PDFCreator to create PDF file, this program is on your CD-ROM. 

WGPPTP - VPN PPTP Server Windows (100 users): This module allows remote access to the 
company's intranet through PPTP, creating a safe virtual tunnel in the Internet between the user 
and the company. The usage of VPNs is safe due data encryption and to the requirement for 
logging in before entering the network. 
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GSM/GPRS/3G Interface: This module is used in moving facilities, such as boats or buses, 
where ADSL and CATV are not available. The WGS200 will use 2G/3G cellular networks for the 
Internet access, doing 3G/UMTS handover to 2G/GPRS in zones not yet covered by 3G. 

EvDO Interface Module: This module is used in moving facilities, such as boats or buses, where 
ADSL and CATV are not available. The WGS200 will use the CDMA2000 network deployed, in 
Portugal, by Zapp for the Internet access. 

Lifetech USB HUB Module: This module enables the expansion of the number of the WGS200's 
USB ports, for connecting more than 2 USB peripheral devices. 

SEC-TRACE: A recent regulation in Portugal was introduced due to the European Directive 
2006/24/CE which sets out the retention obligations for the providers of any kind of 
communications. Under the new regulation, the providers of any kind of communication must keep 
the data required to identify its origin, its destination, its date and duration, and its type of 
communication. Providers must keep such information for a term of at least twelve months. The 
interception of content of communications is under judicial control. This module implements the 
directive. 

SMS Gateway: This module allows the sending of a reminder of login and password to the user's 
mobile phone. 

WGS200 Hotspot Manager: this module (which is different from the WGHotspotManager 
solution) enables a centrally located WGS200 to gather information from remotely placed WGS200s. 
In this way it is possible to consult, in a single, central point, all the statistics from the remote 
WGS200s (user sessions, existing vouchers, registered users and so on). 

XML Management: this module allows the interaction with different platforms. An application 
programming interface (API) is provided. 
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3. Installing the WGS200 

This chapter contains information to install and set up the WGS200. 

Package contents: 

. WGS200 unit, 

• Power cord 

• AC Power Adapter 

If any of the above items are damaged or missing, contact your Nonius network supplier 
immediately. 

3.1. Front View 



Figure 1: WGS200 - Front View 


1 - Power LED 

2 - Hard drive LED 

3 - Green LED 

4 - Yellow LED 

5- LAN 1 

6- LAN 2 

7- LAN 3 

8- LAN 4 
10 - PWN 


A green LED is lighted when WGS200 is on. 

A yellow light blinks when WGS200 is accessing to the Hard Drive 
10/100 Mb Link 
Activity LED 

Primary WAN Interface (default configuration) 

Corporate LAN Interface (default configuration) 

Hotspot/Captive portal LAN Interface (default configuration) 
Secondary WAN Interface (default configuration) 

Power Button 
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3.2. Rear View 



Figure 2: WGS200 - Rear view 


1 - Power connector 

2- USB 

3- COM 

4- LAN 4 

5- LAN 3 

6- LAN 2 
7 - RST 
8- LAN 1 

9 - Green LED 

10 - Yellow LED 


Connect here the AC Adapter. 

Two USB ports are available 

DB9 Port used to console connection 

Secondary WAN Interface (default configuration) 

Hotspot/Captive portal LAN Interface (default configuration) 

Corporate LAN Interface (default configuration) 

Reset Button 

Primary Wan Interface (default configuration) 

Green LED lighted when the cable is connected 
Yellow LED Blink when the port has activity 


3.3. Top View 

In the top view you'll see in both sides two labels that provide warranty assurance: if you remove 
these labels, the equipment automatically loses its warranty. 
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Figure 3: WGS200 - Top View 


3.4. Choosing a suitable site 

The following conditions must be followed for a proper functioning of the equipment: 

1. This Equipment must be installed under protection of an UPS. 

2. The Switch is accessible and that cables and the power cord can be connected easily. 

3. Water or moisture cannot enter the case of the WGS200. 

4. Airflow is not restricted around the WGS200 or through the vents in the side of the Switch. 
Nonius recommends that you provide a minimum of 25 mm (1 in.) clearance. 

5. Air temperature around the WGS200 does not exceed 40 °C (104 °F). 

3.5. Rack Installation 

The best possible installation place for the WGS200 is on a shelf installed on a communication's 
rack. 
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4. WGS200 Application 

4.1. Minimum Hardware Requirements 

The WGConfig is a web environment that runs in its proper web server (the web server is one of 
the WGS200 software components). The WGConfig can be accessed using a standard web browser. 
The advised minimum is Microsoft Internet Explorer 5.0+, Netscape 4.7+ Navigator or Firefox 1.0+. 

The minimum hardware requirements are: 

WINDOWS 

• Pentium processor 

• Windows NT/2000/XP 

• 64MB of memory. We recommend more. 

• Standard web browser for Windows (available support only for MS Internet Explorer 5,0+, 
Netscape 4,7+ Navigator and Firefox 1.0+) 

LINUX 

• Pentium processor 

• Any Linux distribution 

• 64MB of memory. We recommend more. 

• Standard web browser for Linux (available support only for Netscape 4,7+ Navigator and 
Firefox 1,0+) 

4.2. Setting Up For Management 

To open the WGConfig - WGS200's configuration interface, for the first time, connect an Ethernet 
cable to the "LAN 1" interface (on the right hand from behind), and point your browser to 
https://169.254.255.10/WGConfia . 



Figure 4: Accessing the WGConfig Login Page 


"f’Tip: Assign a fixed IP address to your Nic card. Example: 169.254.255.11/2 
You should now be able to see the following page: 
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Figure 5: WGConfig - Login 


Insert the username and password credentials. The Administrative username is "admin" and the 
password is "tal2jfcp". 

' ( i ) 'Tip: One of the first things you should do when you login for the first time is to assign a fixed IP 
address to the WGS200's WAN interface and to connect it to the internal network (this may be the 
client's internal network or your company's internal network, if you are testing the equipment). 
Afterwards you will be able to manage and configure the WGS200 from any point in your network. 

4.3. Application Pages - General Description 


After starting the application, as described in the previous chapter, you will have access to a set of 
pages that will allow you to configure the WGS200 system. This page contains essentially two 
working areas: 

• Menu in the left area; 

• Edition/visualization area in right. 

Observe the page in the following figure: 



System Status 
System Log 
Boot Log 
Radius Log 
Net Devices Status 


WGSERVER 


WGHotel 





System Version 


System Uptime 

16:58:36 up 45 min, 0 users, load average: O.OO, 0.03, 0.08 

WAN Link Statistics 

I Interface I Service I Status ! Rx (KBytes) I Tx (KBytes) 

PROVIDING_SERVICE_FINE | 321 I 822 


Network Interfaces 

Managment Interface - ethO:l OP Ip: 169.254.255.10 Mask : 255.2SS.255.0 

Net Devices Interface - br0:10 UP Ip: 192.16B.186.1 Mask : 255.255.255.0 

WAN Interface 1-ethO UP Ip: 10.0.0.128 Mask : 255.255.255.0 

Hotspot Interface - tunO UP Ip: 192.168.176.1 Mask : 255.255.248.0 


193.137.55.10 

10.0.0.0 
192.168.186.0 
169.254.255.0 
192.168.176.0 
254.0.0 


0.0 


0.0 


0 ethO 
0 ethO 
0 brO 
0 ethO 


Active TCP/UDP IP Connections 

Number of connections: 12 


Figure 6: WGConfig - Genera! Description 
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To choose a given menu, just click the option you desire, and the edition/visualization area will 
change accordingly. 

In the following chapters, all the WGConfig menus are described. 

4.4. System Menu 

This menu is used for configuring generic system parameters, such as the behaviour of the physical 
Ethernet, USB and Serial interfaces, the activation or deactivation of NAT and the configuration of 
the WGManager interface. 


System 


Physical Interfaces 
Network Base 

WGManager 

Figure 7 - System Menu 

4.4.1. Physical Interfaces submenu 

This submenu allows the configuration of the physical interfaces behaviour. 


Hardware Physical Interfaces 


After applying changes a reboot is required. 


LAN1 Ethernet: 

| WAN Router ^J 

LAN2 Ethernet: 

| Hotspot Switch ^J 

LAN3 Ethernet: 

| Corporate LAN Switch 7J 

LAN4 Ethernet: 

| WAN Router 

USBO Interface: 

| None 

SerialO DBG: 

|WGServer Console ^J 


Apply 


Figure 8 - Physical Interfaces submenu 

The options for the Ethernet interfaces are: 

• WAN router - use this option for connecting this interface to an Internet Access 
router/modem; 

• DHCP LAN Port - use this option for enabling a DHCP server, without Captive Portal, on this 
port. Users connected through this port will have free Internet access; 

• Hotspot switch - use this option for enabling a Captive Portal on this port. Users connected 
through this port will be redirected and will only have access to the Internet after logging in 
successfully; 
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• Corporate LAN switch - use this option for connecting the WGS200 to the client's corporate 
network. This is useful, for example, for communication with PMS (Property Management 
Systems) systems; 

• Trunk port - use this option if you need to connect the WGS200 to a 802. lq enabled 
switch. 

The options for the USB interfaces are: 

• None - use this option if no USB device will be connected to the WGS200. 

• UMTS/GPRS/GSM - use this option to connect a USB 3G card. 

• EvDO - use this option to connect a EvDO (Zapp) telemodem. 

The options for the Serial interface are: 

• None - disables the serial interface; 

• WGS200 console - use this option for resetting the WGS200 to factory defaults; 

• UPS - use this option for connecting the WGS200 to a programmable UPS that may be able 
to restart power under certain conditions; 

• WG3PFO Serial Interface - use this option for connecting the WGS200 via serial port to a 
PMS system. 

4.4.2. Network base submenu 


By default the WGS200 performs NAT to the internal interfaces. It is possible to disable this 
behaviour by selecting the option "Router No NAT". 


Network Base Configuration 


Apply 


Network Mode: 


| Router With NATI 


Router With NAT 


Router Mo MAT 


Figure 9 - Network base submenu 
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4.4.3. WGManager submenu 


This submenu allows the configuration of the WGManager interface. 


NoniusSoft © 2009 

System 


Physical Interfaces 
Network Base 
WGManager 


Network 

Network Services 
Customization 
Maintenance 
Statu s/Logs 
Administration 


£ 


WGHotel 


Business Operation Mode: Hospitality - WGHotel 



Language: 

English ▼ 

General: 

IS Active 

Web Portal Config: 

IS Active 

Hangup User: 

IS Active 

Free Internet: 

0 Active 

Users Management: 

US Active 

MAC Users: 

IS Active 

Block MAC Users: 

0 Active 

Room Management: 

IS Active 

Vouchers Management: 

IS Active 

Vouchers: 

IS Active 

Service Profiles: 

[V] Active 

Billing Management: 

D Active 

Sites Management: 

IS Active 

Allowed Sites: 

IS Active 

Blocked Sites: 

IS Active 

Statistics: 

IS Active 

Admin: 

IS Active 


Figure 10 - WGManager submenu 

Business Operation Mode: select the correct value according to your client's business profile. 
The options are (for descriptions please check [2.1]: 

• Hospitality - WGHotel 

• Residential - WGEstate 

• Public Internet Access - WGPublic 

• Business Park - WGBizPark 

• Hotspot Management - WGHotspotManager 

• Hotspot Gateway - miniWGS200 


Language: set the WGManager's default language. The options are: 

• Portuguese 

• English 

• French 

• Spanish 

• Turkish 

The following parameters allow the enabling or disabling of WGManager's menu and submenus. For 
example, if the General menu is disabled, this menu and the corresponding submenus (Web portal 
Config, Hangup user and Free Internet) will not appear in the WGManager. 
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4.5. Network Menu 

This menu allows the definition of network addresses, firewall's parameters, VLAN configuration, 
etc. 


Network 


WAN Interfaces 
Corporate Interface 
Virtual Interfaces 
Terminals Manager 
VLAN/Bridge 
Routing 
VPN IPsec 
Firewall 

Figure 11: Menu - Network 


4.5.1. WAN Interfaces Submenu 


Network parameters can be configured at following menu: 


First WAH Interface 


Disable this WAH to edit parameters 


Network Service: 

| Router J 

Protocol: 

| Static ^ 1 

IP Address: 

10.0.0.172 

Netmask: 

255.255.255.0 

Gateway: 

10.0.0.1 

DNS Primary Server: 

193.137.55.10 

DNS Secondary Server: 

10.0.0.1 

WAN Enabled: 

1* uncheck to disable WAN 


Second WAN Interface 


Network Service: 

| (No Network Selected) 

DNS Primary Server: 

|o. 0 . 0.0 

DNS Secondary Server: 

|o. 0 . 0.0 


Apply 


Figure 12: Wan Interface - Primary Wan Configuration 
Note: There will be as many WAN Interface configuration forms as 'WAN Router' interfaces defined 
in the Physical Interfaces menu [4.4.1]. 

Network Service: select between router or modem/bridge. 

Protocol: Select Static (for static IP address) or DHCP (for dynamic IP address). 
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Note: If you select DHCP you will not know the IP address provided to the WGS200, unless you 
check your DHCP server. However you will be able to access the WGConfig interface through the 
LAN1 card, opening a browser and typing the https://169.254.255.10/WGConfia address. 

IP Address: Insert the WAN IP address (if you've selected static as protocol). 

Netmask: Chose network mask (255.255.255.0 for class C). 

Gateway: Chose the gateway IP address. 

User defined DNS Server: If you enable this checkbox you can configure DNS servers at "DNS 
Primary Server" and "DNS Secondary Server". If this checkbox is disabled, DHCP or PPP (3G) will 
determine the DNS servers that will be used. 

DNS Primary Server: Define primary DNS server. 

DNS secondary Server: Define secondary DNS server. 

r Tip: Ask your ISP (Internet Service Provider) which DNS servers are to be used. 

WAN Enabled: after clicking the Apply button, this check box appears and the previous fields 
become not editable. Unselect this check box, if you need to change this WAN interface's 
parameters. 

4.5.2. Corporate Interface 

Use this menu for configuring the network parameters of the interfaces defined as 'Corporate 
switch' in the Physical Interfaces menu. 


Corporate LAN Configuration 


Caution to set this parameters, since you can lose access. 


Active: 

1* Enable 

IP Address: 

|l92.168.1.2 

Netmask: 

|255.255.255.0 


Apply 


Figure 13 - Corporate Interface configuration 

"f’Tip: This interface's default IP Address is 192.168.1.2 and the default netmask is 255.255.255.0. 
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4.5.3. Virtual Interfaceds 

Virtual interfaces' parameters can be configured at the following menu: 


Virtual Interfaces 


Network Interface: 

| Hotspot Switch 

IP Address: 

1 1 

Netmask: 


Interface Usage: 

| Wan Access 

Virtual Interfaces: 

■^1 

zi 



Figure 14: Network Menu - Virtual Interfaces 


How to create a virtual interface over a physical interface: 

First you have to choose the Network Interface. You can choose between the Hotspot LAN and 
Corporate LAN interfaces. The next step is to choose the IP address and the Netmask. Then choose 
if you want this interface to have access (routing) to the following interfaces: Wan Access, 
Corporate LAN Access, or just for maintenance (Without routing). 

Network Interface: Select between Hotspot LAN or Corporate LAN interfaces. 

Note: The correct choice of interface is dependant of the Network Diagram. For example, choose 
Hotspot LAN if your device(s) will connect to the hotspot, but you want to provide them free and 
uncontrolled access to the hotspot. Choose Corporate LAN if your devices are connected to this 
interface and so on. 

IP Address: Insert the IP address you wish to allocate to the virtual interface. 

Netmask: Insert the Netmask you wish to allocate to the virtual interface. 

Interface Usage: Select from Wan Access, Corporate LAN Access, or Maintenance. 

Note: Choose Maintenance if you are creating the Virtual Interface only for managing the WGS200 
or any active equipment connected to this WGS200's physical inteface. Choose WAN or Corporate 
LAN Access if you wish that the WGS200 forwards packets to and from these networks. 

Virtual Interfaces: This text box lists the existing virtual interfaces. 

Example: 
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Guest Room User 
Secure VLAN 



CELULAR PHONE 
SIP User 
10.0.0.127 


PDA SIP User 
10.0.0.128 


Business Center 
192.168.182.2 


PMS Interface 

Server Ticket 

SIP Server Printer 

10.0.0.254 


Frontoffice PC 
Web WGManager 


Figure 15: Network Menu - Virtual Interfaces 


In this example, we create a virtual interface over the hotspot LAN physical interface, with the IP 
address 10.0.0.1 and Netmask 255.255.255.0. If we want that SIP users make phone calls to 
internet we just have to grant WAN access in SIP server, else SIP will be used just for internal use. 


4.5.4. VLAN/Bridge Submenu 

VLAN configuration can be enabled and configured automatically through this interface. 

'^'Tip: you can only assign VLANs to Trunk ports. Therefore, before configuring any VLAN you 
should configure one of the physical Ethernet ports as a Trunk port, in the Physical Interfaces 
submenu [4.4.1]. 


VLAN Configuration 


Executing OK will update system Vlans. Reboot needed to take effect. 


Enable 802.1 Q VLAN: 


w 


Apply 


Add.'Del Vlans. Reboot needed to take effect. 


Trunk Interface: 


802.1 Q VID [2 .4096]: 

i 

VLAN Name: 

| (no spaces allowed) 

VLANS: 

zl 



Figure 16: Network Menu - VLAN 
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Enable 802.1Q VLAN: Allows enable/disable VLAN configuration. 

Interface: WAN/LAN - This drop box allows the selection of the interface (WAN or LAN) in which 

the VLAN will be created. 

802.1Q VID: Insert the VID (VLAN ID). 

VLANS: List of VLANs already created. 

• VLAN application examples: 

1. Mark the AP client's traffic with VID 3. 

The traffic that passes through an Access Point that is able to mark (tag) the Ethernet 
frames with a given VID (3, for example) are forwarded to the switch where the Access 
Point is connected to. That switch's port must be marked as a member of the same VLAN 
used by the AP to mark the traffic (VID 3). Furthermore, this traffic will then be forwarded 
to the switch port where the WGS200's LAN interface is connected to. Therefore the 
WGS200 must be VLAN capable and have an interface marked as a member of the same 
VLAN (VID 3). IF the AP's traffic is marked with VID 3, the WGS200's configuration will be: 
LAN |3| Bridge. 

2. To configure the functionality to ping network equipments, for example, ping an AP that 
uses VLANs. Generally, management AP traffic uses a unique VLAN. To accomplish this task 
(ping the AP), the same VLAN must be configured on the AP, on the switch and on WGS200 
- so that the WGS200 can gain access to AP management. Take this example: the AP is 
using VLAN with VID 4 for management traffic. The switch port that connects to the AP is 
marked as a member of VID 4. The WGS200 must have an interface marked as a member 
of VID 4 and the configuration will be: LAN|4|IP| 192.168.186.1, where the IP address 
assigned to the VLAN must be in the same range of AP's IP address. 

The following forms are used to filter out equipments that may be connected to the WGS200's 

hotspot interface but shall not be configured by DHCP. 
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Hotspot Bridge Filtering Configuration 


Enable: 

I” Hotspot Bridge Block Enable 

Enable: 

I” Hotspot Bridge Filtering MAC 


Apply 


Hotspot Bridge Filtering 


Only applied if "Hotspot Bridge Filtering MAC" is enable. Notation for MAC,Mask: single MAC or MAC MASK (ex: 00:02:02:00:00:00.ff:ff:ff:00:00:00). 


MACAriask: 

1 

Filtered MACs: 

li 

±1 



Figure 17 - Hotspot Bridge Filtering Configuration 


Hotspot Bridge Block Enable: enable this check box to disable routing between VLANs in the 
WGS200. 

Hotspot Bridge Filtering MAC: enable this parameter for configuring a list of MAC addresses of 
equipments that must not be configured by the WGS200's hotspot DHCP server. 

MAC/Mask: insert the MAC address to filter out and a correspondent Mask if you desire to filter 
out a range of MAC addresses. 

Example: if you wish to filter out all MAC addresses that start with 00:02:02 insert 
00:02:02:00:00:00/ff:ff:ff:00:00:00. 


4.5.5. Routing submenu 


The routing submenu can be used to add static routes to the WGS200’s routing table. 


Apply 


Static Routing: 


w 


Enable 


Routing Configuration 


Route Name: 

1 

Destination NET/IP: 

1 

Destination Subnet Mask: 

1 

Gateway IP: 

1 

Static Routes: 

"3 

z\ 



Figure 18 - Static routing configuration 
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Static Routing: enable this check box for being able to configure static routes 
Route Name: assign a name to the new route; 

Destination Net/IP: insert a network address or an IP address, as desired; 

Destination Subnet Mask: insert the subnet mask of the destination network or IP address; 
Gateway IP: insert the gateway's IP address; 

Static Routes: this box lists the previously inserted static routes. 


4.5.6. VPN IPsec 

This submenu allows the establishment of Virtual Private Networks (VPN) between two WGS200's. 

A VPN is a private network that is configured within a public network (a carrier's network or the 
Internet) in order to take advantage of management facilities of large networks. VPNs are widely 
used by enterprises to provide site-to-site connections to branch offices and to allow mobile users 
to connect to their company LANs. At the moment only a point-to-point VPN can be established, 
i.e., only two WGS200's can be connected at once. 



Figure 19 - Enable option for VPN IPsec 


Enable VPN IPSec: Check to enable the VPN IPSec configuration or uncheck to disable it. 


VPN IPsec Global Configuration 


IKE Version: 

Version 1 ▼ 

Pre-shared Secret: 

Ipresharedsecret 

NAT Traversal: 

[V] Enable 

Local D: 

|Local l| 


BiEflll 


Figure 20 - VPN IPsec Global Configuration 

After enabling the VPN, the global configuration options and the VPN IPsec Configurations must be 
filed. 

IKE Version: choose the version IKEvl or IKEv2 of Internet Key Exchange Protocol; 

Pre-shared Secret: common secret used on authentication process. Must be equal in both peers; 

NAT Traversal: enable this option if the WGS200 is behind NAT (Network Address Translation); 

Local ID: if NAT Traversal is enabled, the local ID of each WGS200 is required and must be 
different from each other. 
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VPN IPsec Configurations 


Local Subnet: 

Corporate Network ▼ 

Remote Subnet: 

|l92.168.11.0/24 

| (xxx.xxx.xxx.xxx/xx) 

Local Gateway: 

(xxx.xxx.xxx.xxx) 

Remote Gateway: 

10.10.10.2 

| (xxx.xxx.xxx.xxx) 

Remote D: 

Local 2 

VPN IPsec Configurations: 





Figure 21 - VPN IPsec Configurations 


Local Subnet: select the subnet that will be used for establishing the VPN; 

• Two choices are available: Nonius Access Points Network and Corporate Network (usually). 
Remote Subnet: insert the remote subnet's IP address range; 

Local Gateway: public IP address of the local gateway (Read-Only); 

Remote Gateway: public IP address of the remote WGS200; 

Remote ID: insert a name for the remote site. 

VPN IPSec Configurations: this text area lists all configured IPSec tunnels. 


Local Subnet: 

Corporate Network ▼ 

Remote Subnet: 

| (xxx.xxx.xxx.xxx/xx) 

Local Gateway: 

10.0.0.1 (xxx.xxx.xxx.xxx) 

Remote Gateway: 

I (xxx.xxx.xxx.xxx) 

Remote D: 

1 

VPN IPsec Configurations: 

192.168.10.0/24 1 192.168.11.0/24 1 10.0.0.1 1 10.10.10.2 1 disabled | Corporate Network | Local 2 * 




Corporate Network: 


[3 Enable 


VPN IPsec Forwarding 


Apply 


Figure 22 - VPN IPsec Forwarding 


When the configuration is finished it is necessary to enable IPsec Forwarding to start the 
negotiation of the VPN tunnel. WGS200 has a watchdog every 5 minutes to ensure that the VPN 
tunnel is up. It also detects a dead peer and tries to re-establishes the tunnel. 
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4.5.7. Firewall 

This menu allows the configuration of the WGS200's firewall. 


Firewall Configuration 


Applying firewall configuration will clean any port forward already done. The Hotspot users will have to logoff/login again for the port forwarding to be performed. 


IPSec Passthrough: 

El Enable 

Customer LAN Protection: 

D Enable (Deny Captive Portal Clients to Access Wan Interface Network) 


Apply 


ICMP Reply 


LAN1 Ethernet: 

El Enable 

LAN3 Ethernet: 

□ Enable 

LAN4 Ethernet: 

□ Enable 


Apply 


Figure 23 - Firewall configuration and ICMP Reply 


IPSec Pass-through: If this checkbox is enabled, IPSEC protocol will be allowed between two 
endpoints that use this protocol. 

Customer LAN Protection: If this checkbox is enabled, the public Internet users will not be able 
to access the costumer's local area network, except for DNS services, if an internal DNS server is 
being used. 

Enable the ICMP reply checkbox for being able to PING the WGS200 at the chosen interface. It is 
not possible to enable ICMP replies on the Captive Portal interface due to the Captive Portal's 
nature of capturing all traffic and redirecting to a login page. 


Client Proxy Configuration 


This will force the type of traffic to be forward to proxies. 


HTTP Proxy: 

B Enable 

HTTP Proxy IP Address: 

I | 

HTTP Proxy TCP Port: 



EMM 


Figure 24 - Client Proxy Configuration 


HTTP Proxy: Enable/disable proxy configuration. When a proxy is used, HTTP traffic is routed to 
the previously configured proxy. 

HTTP Proxy IP Address: Chose proxy IP address. 

HTTP Proxy TCP Port: Chose the communication port. 


• Hotspot Port Forwarding 
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Use this form to perform port forwarding for equipments connected to the captive portal interface. 


Hotspot Port Forwarding 


If Customer LAH Protection is enable Wan interface network hosts wont be able to access the port. 


User Name: 

1 

Port: 

1 


~T\ 

Users: 



1 




Figure 25 - Hotspot Port forwarding 

Username: Insert the client's username or MAC address. 

Port: Define the communications' port. 

"f'Tip #1: Please instruct your clients they MUST configure their applications to use the defined 
port. 

TTip #2: it is not possible to have the same TCP/UDP port forwarded to different user names. 


NoniusSoft, Software e Consultoria para 
Telecomunicagoes, S.A. 
Rua Actor Ferreira da Silva, 100 
4200-298 Porto • Portugal 


Phone: +351 220301520 
Fax: +351 220301521 
E-mail: nonius@noniussoftware.com 
Website: www.noniussoftware.com 


30 • 96 

















[NONIUS 

COMMUNICATION SYSTEMS MATCHING YOUR NEEDS 


Configuration Guide — V3.4 
WGS200 


Corporate Port Forwarding 


Interface: 

| WAN 0 zi 

Protocol: 

|TC Pzi 

Source IP: 

192.168.103.S 

Source Port: 

1234 

Destination IP address: 

o 1 

Destination port: 

o 1 


<T3 

Corporate Port FW 

M 



Hotspot Services 


Enable Hotspot Services. 


All services: 

Enable all Hotspot Services 

Web: 

1* Enable HTTP and HTTPS protocols 

Email: 

1* Enable POP3, IMAP and SMTP protocols 

Voip: 

1* Enable SIP and H323 protocols 


Apply 


Figure 26 - Corporate Port forwarding, Hotspot Services 

• Corporate Port Forwarding 

Use this form to perform port forwarding for equipments connected to other interfaces (physical or 
virtual), but the captive portal interface. 

Interface: select the interface (physical or virtual) to which the target equipment is connected. 
Protocol: select TCP or UDP. 

Source IP: insert the IP address from where to admit connections or insert "all" if there's no 
restriction. 

Source Port: insert the TCP or UDP port. If there is port translation, insert the port to be 
translated. 

Destination IP Address: insert the targets equipment's IP address. 

Destination Port: insert the target equipment's TCP or UDP port. 
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• Hotspot Services 

Use this form to enable port forwarding to all or to some hotspot services. 

All services: if enabled, there will be no restriction to any hotspot service, and all the following 
options will be automatically enabled. 

Web: if enabled, the hotspot users will be granted HTTP/HTTPS services (TCP ports 80 and 443). 
E-mail: if enabled, the hotspot users will be granted access to the e-mail service. 

VoIP: if enabled, the hotspot users will be granted access to the e-mail service (SIP). 

• Hotspot Unspecified Services 

Use this form to enable hotspot services not included in the previous' form list. 


Hotspot Unspecified Services 


Enable Hotspot Unspecified Services. 


Protocol: 

|tcp d 

Destination IP Range: 

|e.g. 0.0.0.0/Q 

Source Port Range: 

e.g. 65555;70000;80000 

Destination Port Range: 

| e.g. 65555; 70000; 80015 

Current Unspecified Services: 

none _ij 

zi 




Figure 27- Hotspot Unspecified Services 

Protocol: specify the desired protocol (TCP, UDP, other); 

Destination IP Range: insert the range of destination IP addresses; 
Source Port Range: insert the expected TCP or UDP source port; 
Destination Port Range: insert the expected TCP or UDP destination port; 
Current Unspecified Services: list of currently enabled services. 
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4.5.8. QoS - Quality of Service Submenu 

This submenu is only visible if the High-availability license is enabled. The QoS parameters - MAX 
Upload Data Rate and MAX Download Data Rate, are configured in the following submenu: 


Quality of Service 


The Traffic Classifier option classifies/prioritizes the traffic within the following classe and guarantees Bandwidth for each: 

High Priority - Managment(SSH,HTTPs), TCP Control 
Realtime - DNS, VoIP, Video Streaming, Audio Streaming 

MinDelay MaxRealibility - Interactive Services - Browsing, Messengers, SSH, Telnet, VPN Protocols 
Medium Priority - Control Protocols(ICMP), Email, File Transfer, Gaming 
Low Priority - Unclassified Traffic 
P2P Traffic - Peer-to-Peer Traffic. 




Figure 28: Network Menu - QoS (Quality of Service) 


Rate Limit: Enable/disable bandwidth limitation for upload and download. 

Max Upload Data Rate: Insert the maximum value, in Kbps, for upload per WAN Interface. 

Max Download Data Rate: Insert the maximum value, in Kbps, for download per WAN Interface. 

Contention Ratio: Sets the contention ratio that will be performed by WGS200. 

Traffic Classifier: If the checkbox "Traffic Classifier" is enabled, the traffic will be 
classified/prioritized, guaranteeing prioritization between different types of service: 

• High Priority - Management (SSH,HTTPs), TCP Control 

• Real-time - DNS, VoIP, Video Streaming, Audio Streaming 

• MinDelay MaxRealibility - Interactive Services - Browsing, Messengers, SSH, Telnet, VPN 
Protocols 

• Medium Priority - Control Protocols(ICMP), Email, File Transfer, Gamming 

• Low Priority - Unclassified Traffic 

• P2P Traffic - Peer-to-Peer Traffic. 

If the Traffic Classifier is disabled, only bandwidth limitation will be performed and the traffic will 
not be prioritized. The Traffic Classifier is a very useful tool in WGEstate solution where the users 
tend to saturate the ADSL connection with P2P traffic. 
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How this works: 

WGS200 creates six queues, and classifies the traffic accordingly. The Traffic is then served by its 
priority. In figure, for the "high priority rate" the average for Upload "Up Avrg" is 20% and for 
Download is 40%. This means that for the management traffic the average service rate is 20%. 
When the queue reaches 40% of its limit it has to be served until it reaches reasonable values and 
keeps a good average. If the average service rate for this rule is nearly 20%, the system will treat 
the next queue, "Real-time Rate", which works as it is described for the first queue, and so on to 
the others queues. 

The functioning of the QoS system is only visible when the rate of traffic at the WGS200's input 
interface is so high that packets tend to become queued at the input buffers. This means that QoS 
will only improve the system's performance in high load scenarios! Otherwise, no improvement will 
be perceivable. 

The use of a Contention Ratio is required when the system administrator wants to give a 
guaranteed bandwidth to each hotspot user. It explicitly set the contention ratio that the WGS5000 
will apply to its WAN connection. 

TUse Case: If the hotel has a 100Mbps line and the contention ratio is set as 1:5, it means that 
WGS5000 can allocate 500 users at 1Mbps each. The contention ratio 1:5 is an excellent value for a 
hotel environment when compared to home usage access, where we find typical contention ratios 
around 1:50. 

4.6. Link Services Menu 

This menu is used for configuring generic link services provided by the High Availability module. 
This menu is only visible if the High-availability license is enabled. Here you can enable or 
disable the link failover functionality or the Load Balancing. 



Link Failover 


Load Balancing 


Figure 29 - System Menu 


4.6.1. Link Failover submenu 

The WGS200 tests the Internet connectivity over the first WAN interface. If it fails, it will test the 
connectivity over the second interface and so on until it finds a WAN interface with connectivity. It 
then routes all traffic over the fine WAN interface until the first one becomes fine again. The 
maximum number of WAN interfaces is 8. 
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Link Failover 


If enable the Link Failover will use the WAN interface order from the primary to 


Apply 


Enable: 


i* 


Figure 30 - Link Failover submenu 


4.6.2. Load Balancing 


Enables load balancing between two or more WAN connections. It improves the performance of the 
WGS200 by balancing the number of connections that each WAN port will have based in its 
bandwidth capabilities. In this menu it is also possible to add or exclude certain networks that are 
present in the WGS200 network from load balancing. 



Load Balancing Configuration 



Connection Tracking Load Balancing: | 3 Enable 





Extra Source Subnets to balance 


By default, all LAN Interfaces are load balanced. This form allows you to add a extra subnets, outside of the range of Hotspot, Corporate and DHCP, to the list of subnets to balance. 


Subnet NET/IP: 

| (XXX.XXX.XXX.XXX) 

Subnet Mask: 

1 (XXX.XXX.XXX.XXX) 

Subnet: 

* 



> 




Destination Subnets/Hosts to exclude from 
balancing 


This form allows you to exclude destination subnets or hosts from load balancing. 


Subnet NET/IP: 

| (XXX.XXX.XXX.XXX) 

Subnet Mask. 

(XXX.XXX.XXX.XXX) 

Subnet: 

* 



> 




Figure 31: Load Balancing Submenu 

Connection Tracking Load Balancing: Enable/disable load balancing feature. 


Subnet NET/IP: This input is present in both of the forms which add/exclude networks and it 
allows adding a specific network IP to the preferred action. 


Subnet Mask: This input is present in both of the forms that add/exclude networks and it allows 
to set the network mask for each network IP entry. 

"flip: Some sites/servers may have connection issues or may not be compatible or even prevent 
load balancing mechanisms from working properly. These should be added to the exclusion list, so 
that the load balancing is not used in those cases. 
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4.7. Network Services Menu 

The services shown in figure are available: 


Network Services 


Captive Portal 
DHCP Server 
VPN PPTP 
Dynamic DNS 
Radius Server 
HTTPTransp. Proxy 
DNS Server 
Service Unavailable 
XML 3rd Party Interface 

Figure 32: Menu - Network Services 


4.7.1. Captive Portal Submenu 

This submenu is not visible in the WGHotspotClusterManager solution. 


Captive Portal Configuration 


Reboot needed to take effect. 


Enable: 

w 

Zero-Config Static DNS: 

□ 

Zero-Config Static IP: 

□ 

Zero-Config Proxy: 

□ 

Pre Defined Captive Portal Network: 

1* Enable 

Captive Portal Network: 

1192.168.182.0/23 zi 

Primary Radius Server: 

1 127.0.0.1 

Secondary Radius Server: 

1 127.0.0.1 

Radius Secret Key: 

|testingl23 

Radius NAS-ldentifier: 

|wirelessgest. hotspot 

Dynamic Address Lease Time: 

[l20 

Logoff Idle-Timeout (in seconds): 

[ioo 

Secure Login WEB Portal: 

□ 

Layer3 Redirection: 

r 


Apply 


Figure 33: Network Services Menu - Captive Portal 


Enable: Enables the Captive Portal, which is the tool that performs the redirection to the login 
page when the user opens up the browser and that works as DHCP server. At the login page, the 
user must insert his/her username and password in order to gain Internet access. 
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Zero-Config Static DNS: This feature grants Internet access even the user has manually 
configured DNS servers on his network connection. The user will be redirected to login page, which 
wouldn't happen otherwise. 

Zero-Config Static IP: This feature grants Internet access even the user has manually configured 
IP addresses on his network connection. The user will be redirected to login page, which wouldn't 
happen otherwise. 

Zero-Config Static Proxy: This feature grants Internet access even the user has manually 
configured Proxy servers on his network connection. The user will be redirected to an help page 
that will guide the user to disable his browser proxy configuration. 

Pre-defined Captive Portal Network: if enabled, the captive portal will use its pre-defined pool 
of IP addresses. If disabled, you can manually define the range of IP addresses that will be 
assigned by the captive portal. When this check-box is disabled, a new form appears below [Figure 
34]. It is possible to configure the network range and mask, the lease time and the start IP address 
available for DHCP assignment. 


Captive Portal DHCP Configuration 


Captive Network Address: 

|l92.168.176.0 

Captive Netmask Address: 

|255.255.248.0 

Dynamic Address Lease Time: 

600 

Dynamic Range From: 

|l92.168.178.50 

J (DHCP start address) 

Dynamic Range To: 

192.168.179.254 

(Not possible to define, based in Network/Mask) 


Apply 


Figure 34 - Manual configuration of the captive portal's network 


"f'Tip: you should be very careful when manually configuring the captive portal network address 
and mask. A wrongly configured network and mask may cause instability in the WGS200's 
behaviour. 

Captive Portal Network: This field is a select box if the Pre-defined Captive Portal Network is 
enabled. The captive portal is, by default, configured in range 192.168.176.0/21. This means that 
there are 2048 available IP addresses for the hotspot. The WGS200 automatically divides this range 
in a dynamic and a static part, i.e., addresses from 192.168.176.2 to 192.168.179.254 will be 
dynamically assigned to users by the captive portal, while addresses from 192.168.180.1 to 
192.168.182.254 may be assigned to any equipment that requires a static IP address. You can 
reduce the size of this range by selecting the ranges 192.168.180.0/22 (1024 addresses) or 
192.168.182.0/23 (512 addresses). 

Primary Radius Server: Primary Radius server IP address. 

Secondary Radius Server: Secondary Radius server IP address. 

Radius Secret Key: Symmetrical key for message exchange between captive portal and RADIUS 
server. 
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Radius NAS-Identifier: Radius AAA Network Access Server identifier. 

Dynamic Address Lease Time: Lease time for a DHCP release of an unused IP address. 

Logoff Idle Timeout: Time, in seconds, after which the captive portal must consider a session as 
inactive and, therefore, automatically logoff the user. This time is overridden by the time defined in 
the service profiles, if the values are different. 

Secure Login Web Portal: If this option is enabled WGS200 will use Nonius certificates. Please 
note that an error message may appear to clients saying that the certificate belongs to an unknown 
entity. This message should be ignored. 

Layer 3 Redirection: Enables the Layer3 feature. When the IP address is provided to clients by 
an equipment different than the WGS200 and when there is routing between the client's network 
and the WGS200's LAN interface, the Layer3 feature must be enabled. 

Gateway IP address: This field is only visible if the Layer 3 Redirection checkbox is enabled. 
Insert the IP address of the layer 3 gateway that is connected to the LAN interface of the WGS200. 

Gateway MAC address: This field is only visible if the Layer 3 Redirection checkbox is enabled. 
Insert the MAC address of the layer 3 gateway that is connected to the LAN interface of the 
WGS200. 

• Hotspot VLANs 

If you defined a Trunk Port in the Physical Interfaces submenu [4.4.1] and created VLANs in the 
VLAN/Bridge submenu [4.5.4] you can now define on which VLANs will the Captive Portal run, i.e., 
which VLANs are controlled by the Captive Portal. 


Hotspot VLANs 


Reboot needed to take effect. 


VLANs: 

| L^N2 |100 | teste 

Hotspot VLANs: 

"3 

d 





Figure 35 - Hotspot VLANs 

VLAN: select the desired VLAN; 

Hotspot VLANs: list of VLANs controlled by the Captive Portal. 

4.7.2. DHCP Server 

This submenu is visible when there is at least one LAN interface configured as DHCP LAN Port on 
the Physical Interfaces submenu [4.4.1], A DHCP Server will be enabled on this port, providing free 
access to the Internet to the machines connected to this interface. 


NoniusSoft, Software e Consultoria para 
Telecomunicagoes, S.A. 
Rua Actor Ferreira da Silva, 100 
4200-298 Porto • Portugal 


Phone: +351 220301520 
Fax: +351 220301521 
E-mail: nonius@noniussoftware.com 
Website: www.noniussoftware.com 


38-96 














[NONIUS 

COMMUNICATION SYSTEMS MATCHING YOUR NEEDS 


Configuration Guide — V3.4 
WGS200 


Apply 


I - Enable 


DHCP Server 


i 


Figure 36 - DHCP Server 

DHCP Server: Enables/disables the DHCP server configuration. 
When enabled, the following forms appear: 


DHCP Server Configurations 


Physical Interface: 

| LAN 4 zi 

IP Address: 

1 

Netmask Address: 

1 

Lease Time: 

| (seconds) 

Dynamic Range From: 

1 

Dynamic Range To: 

1 

Configuration Name: 

(Note: This name will show up in the WGManager) 


U 

Configurations: 

1 



Note: This form is used to add Hostnames to previously saved DHCP configurations. 


Configuration Name: 


Host Name: 

i 

MAC Address: 

(XX-XX-XX-XX-XX-XX) 

IP Address: 

1 

Hosts: 




Figure 37 - DHCP Submenu 

• DHCP Server Configurations 

Physical Interface: select from the list of possible LAN interfaces the one you desire. 

IP address: Insert the network IP address of the range to be configured on clients. 

Netmask Address: Insert the network mask to be configured on clients. 

Lease Time: Insert the DHCP lease time, i.e., the time after which an IP address is released from a 
client and can be assigned to another client. 

Dynamic Range From: insert the first IP address to be assigned to clients. 

Dynamic Range To: insert the last IP address to be assigned to clients. 

Configuration Name: provide a name to this DHCP server’s configuration. 

Configurations: list of all DHCP servers configured. 
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• Reserved IP Configurations 

This form is used to reserve a given IP address to a given MAC address, i.e., a certain client can be 
assigned always the same IP address. 

Configuration Name: insert the name you provided in the previous form. 

Host Name: assign a name to the equipment that will have the reserved IP address. 

MAC Address: insert the equipment’s MAC address. 

IP Address: insert the IP address to be assigned to the equipment. 

Hosts: list of hosts with reserved IP addresses. 


4.7.3. VPN PPTP Submenu 

This submenu is only visible if the WGPPTP - VPN PPTP Server Windows (25 users) is enabled. 
This license enables the WGS200 to work as a VPN PPTP server, allowing users to connect to, for 
example, the corporate network from remote places. 



Enable: 

r 

Local Server IP: 

i i 

Client IP Range: 

|e.g. 192.168.0.2-15 

Primary MS-WINS: 

1 1 

Secondary MS-WINS: 

1 1 


Apply 


User Managment 


User Name: 

1 

Password: 

1 

Users: 

H 

d 




Figure 38: Services Menu - VPN PPTP 
Enable: Enables/disables the PPTP server configuration. 

Local Server IP: WGS200's VPN IP address, i.e., the IP address of the WGS200 in the internal 
network. Example: the WGS200 

Client IP Range: Defines the client's IP address range. The notation used is 192.168.1.10-20; 
Primary MS-WINS: Internal network MS-WINS server. 

Secondary MS-WINS: Internal clients network MS-WINS secondary server 
• User Management: 

Username: Set the username for the VPN user. 
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Password: Set the user's password 

Users: This box lists the users and the passwords (example: user | password) 

4.7.4. Dynamic DNS Submenu 

Remote access is essential for any required action, saving time with unnecessary technical 
displacement of technicians. Through a dynamic DNS address it is possible to have remote access 
to WGS200 at any time. In this submenu will be necessary to fill in the following fields: 


Enable: 

r 

Static IP: 

w 

Username: 

i i 

Password: 

i i 

Hostname: 

~ i 

Runs every: 

1 10 minutes 


Apply 


Figure 39: Services Menu - Dynamic DNS 

Enable: Enable/disable dynamic DNS. 

Static IP: Enable if the public IP address is static. 

Username: Username used in dynamic DNS account. 

Password: Password used in dynamic DNS account. 

Hostname: Example: entity_name.dyndns.org 

Runs Every: Choose the update interval of the IP address in the DynDNS databases. The options 
are: 10 minutes, 30 minutes, 1 hour and 1 day. 

" ( i > Tip #1: To create a dynamic DNS address you will have to create a user account at 
http://www.dvndns.com/ (or at any other Dynamic DNS Entity) and submit the URL (for example, 
entity_name.dyndns.org). 

• Tip #2: For being able to access the WGS200 via the DynDNS URL, you will need to configure 
port forwarding of the 443 port in the router that's connected to the WGS200's WAN interface. 

4.7.5. Radius Server Submenu 

An Authentication, Authorization and Accounting (AAA) server is present on the WGS200. This 
menu enables or disables this feature. 


Enable: 


w 



Apply 


Figure 40: Services Menu - Radius Server 
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Enable: Enable/disable RADIUS server. 


4.7.6. HTTP Transparent Proxy 


The WGS200 can “transparently” (i.e., without user intervention) proxy HTTP requests and cache 
replies. This enables a faster reply for subsequent requests. To enable this feature, click on the 
“Enable” checkbox. 


HTTP Transparent Proxy 


Enable: 


r 


Apply 


Figure 41: Services Menu - HTTP Transparent Proxy 


Enable: Enable/disable HTTP Transparent. 


4.7.7. DNS Server 

This menu enables DNS acceleration. The WGS200 caches DNS requests and locally replies to 
subsequent requests if the answer is already cached. This menu enables the DNS cache. 


DNS Server Configuration 


Caching: 


r 


Apply 


Figure 42: Services Menu - DNS Server Configuration 


Enable: Enable/disable DNS Server Configuration. 


4.7.8. Service Unavailable 


The Service Unavailable feature displays a “Service Unavailable” message to users if, for some 
reason, the Internet Access service is not available (due, for example, to problems in the access 
line, or others). 


Enable: 


r 


Service Unavailable 


i 


Apply 


Figure 43: Services Menu - Service Unavailable 

Enable: Enable/disable Service Unavailable 
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4.7.9. XML 3rd Party Interface 

This submenu is only visible if the XML 3 rd Party Interface module is enabled. This feature allows 
external platforms to invoke the WGS200 via a Web Services interface. For seeing the list of 
available Web Services go to: https://«WGS200’s IP address»/WebServices . The WSDL file is 
available at https://WGS200’s_IP_address/WebServices/index.php?wsdl. 


XML 3rd Party Interface 


XML 3rd Party Interface: £7] Enable 



XML 3rd Party Interface Configurations 


Key: 

|xmlsecretkey 

Account Events Callback: 

[7] Enable 

WSDL URL: 

1 1 

Delete Account After Expiration: 

□ Enable 

Notify Internet Service Initiation: 

O Enable 


■ana™ 


Figure 44 - XML 3rd Party Interface Configuration 

Enable: Enable/disable XML 3 rd Party Interface. 

Key: Key used for authentication (must be the same in both peers). 

Account Expired Callback: Enabling this option makes the WGS200 invoke a Web Service 
located at the peer, informing that a given account has expired. 

WSDL URL: Web Service location. Insert the peer's WDSL URL. 

Delete Account After Expiration: Enable this option to remove expired accounts. The WGS200 
will remove any expired account and a new account needs to be created before the user is allowed 
to use the Internet again. 

Notify Internet Service Initiation: Enable this option to send a notification whenever a hotspot 
user does the first login. The WGS200 will call a remote WebService when a hotspot user executes 
its first login. 

"f’Tip: The Expired Callback feature is dependent on the peer's WSDL. Please consult Nonius for 
checking out if this service will work with your software. 

4.8. Customization Menu 

The options of this menu allow customizing the system accordingly to the client's requirements. 
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Customization 


Customer 
Login Page 
Time Zone 
Hotspot Service 
Online Register 
WGManager Users 

Figure 45: Customization Menu 


4.8.1. Customer Submenu 

Insert the costumer's data in the following form for automatic generation of security certificates. 
These certificates assure privacy since the access to the web server will be done through public key 
cryptography. This form is also used for determining the currency that is used for vouchers and 
how many vouchers shall be printed per page. 


Customer Details 


Name: 

|Nonius 

Country: 

Portugal ▼ 

Location: 

|Porto 

Social Designation: 

|Nonius 

Tax D Number: 

1 1 

Unit Name: 

[it 

Service Name: 

[it 

Support Email: 

|suporte@noniussoftware.com 

Website: 

|www.noniussoftware.com 

Currency: 

Euro 




Figure 46: Customization Menu - Customer 

Name: Insert the client's institutional name; 

Country: Insert the client's country name; 

Location: Insert the client's location (city name). 

Social Designation: Insert the client's social designation; 

Unit name: Insert the client's unit name (if any); 

Service name: Insert the service name (Wireless Network, for example); 
Support e-mail: Insert the e-mail address of helpdesk provided to the client. 
Website: Insert the client's web site URL. 
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Currency: When generating vouchers, price information is displayed on them. This select box 
determines the currency symbol that will be printed besides the price. 

Voucher per page: number of vouchers that will be printed on an A4 page. The options are 1 or 
10 . 

4.8.2. Login Page Submenu 

Login page customization is possible through the upload of images that meet the costumer's 
desired look and feel. Different images may be loaded. 


Hotspot Login Page Behaviour 


Note: Default Web Page is used only when popups are disabled. 


Text Default Language: 

| Portuguese 

Popup: 

I” Enable 

Logout on Popup Close: 

V Enable 

Default Web Page: 

|noniussoftware.com 

Disclaimer: 

V Enable 

Login Page Type: 

| Normal 




Figure 47: Customization Menu - Login 

Text default Language: Defines the login page default Language. 

Popup: Enable/disable browser popup's - when enabled a pop-up window with a timer and a link 
for logging out will open informing the client about the duration of his Internet session or how 
much time he has left, in case he is using a pre-paid voucher. 

Logout on Popup Close: if this feature is enabled, users will be automatically logged out if they 
close the timer's popup window. 

Default Web Page: When popup's are disabled you can configure the website that the user will 
see after login (instead of his own home page). 

Disclaimer: enable this checkbox if you want the users to read a disclaimer before using the 
system. The disclaimer's text can be inserted at the WGManager interface. 

Login Page Type: there are two options - normal or frames. The normal page is very simple and 
light and you can only personalize it by uploading a client's logo. The frames page divides the login 
page in two frames. The left one is used for insertion of the login data, while the right one can be 
any page desired by the client. 
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• Hotspot Login Page Layout: 

Depending on the chosen login page type the following form changes. For the normal page the 
options are: 


Hotspot Login Page Layout 


Note: Images size must be less than 512 Kbytes. 



Apply 


Figure 48: "Normal" Hotspot Login Page Layout 

Hotspot Login Logo: Here you may upload the image that will appear in login page. 

PDA Hotspot Login Logo: Upload the image that will appear in login page when using a PDA to 
Internet access. 

Voucher Logo: Upload the image that will be presented in vouchers. The size of the voucher logo 
must be 178x143 pixels. 


Hotspot Login Page Layout 


Note: Images size must be less than 512 Kbytes. 


Default Frame Website: 

|www.noniussoftware.com 

Frame Logo: 

Procurar... | | 

Upload 

1 

LOGO 

186*76 


PDA Hotspot Login Logo: 

Procurar... | | 

Upload 

1 

Snonius software 


Voucher Logo: 

Procurar... | | 

Upload 

1 





Apply 


Figure 49 - Frames Login Page Layout 

Default Frame Website: insert the page that will be displayed on the right frame. 

Frame Logo: To upload a "JPG" image logo for the frame, the size of the frame logo must be 
180x75 pixels. 

PDA Hotspot Login Logo: The same as above. 

Voucher Logo: The same as above. 

'ffi'Tip: The currently loaded images are displayed below the respective box. 
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• VLAN Frame Website: 

The WGS200 can also present to users a different web page, depending on the VLAN that the user 
is connected to (assuming that more than one VLAN is connected to the Captive Portal). The 
following form lets you configure the right frame page to be displayed per VLAN. 


VLANs Frame Website 


VLAN Name: 

rs 

VLAN Frame Website: 

□ 

VLANs Frame Website Configured: 

1 


m BiBB 


Figure 50: VLANs Frame Website 

VLAN Name: select the desired VLAN; 

'f'Tip: First, you need to define a Trunk Port in the Physical Interfaces submenu [4.4.1]. Then you 
need to create the desired VLANs in the VLAN/Bridge submenu [4.5.4]. 

VLAN Frame Website: insert the website that users connected to this VLAN will be shown; 

VLANs Frame Website Configured: list of configured websites per VLAN. 


4.8.3. Submenu - Time Zone 

Time zone can be configured in this submenu: 



Figure 51: Customization Menu - Time Zone 
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4.8.4. HotSpot Service Submenu 

Set start and stop hours for the hotspot/Captive Portal service, on weekends and week days. If the 
Hotspot Service Control is disabled, the hotspot service will always be functional. 


Hotspot Service 


The Hotspot Service control will only take effect on the next possible configured period 


Hotspot Service Control: 

l~ Enable 

Hotspot Service Weekend: 

I - Enable 

Weekend Start Hour: 

| 0:00 z\ 

Weekend Stop Hour: 

| 0:00 ^J 

Hotspot Service Week Days: 

I” Enable 

Week Start Hour: 

| 0:00 z] 

Week Stop Hour: 

| 0:00 z\ 


Apply 


Figure 52: Customization Menu - Hot Spot Service 

Hot Spot Service control: Enable/disable Hotspot Service Control. 

Hot Spot Service Weekend: Enable/disable the Hotspot Service on weekends. 
Weekend Start Hour: Set the time for service starting hour at the weekend. 
Weekend Stop Hour: Set the time for service stop hour at the weekend. 

Hot Spot Service Week days: Enable/disable the Hotspot Service on week days. 
Week Start Hour: Set the time that the service will start at week days. 

Week Stop Hour: Set the time that the service will stop at week days. 
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4.8.5. WGManager Users 

In this menu you can add, delete or modify the WGManager users. It allows to configure the 
password, menus and submenus access on a per user basis. 


WGManager Users 


Username: 

1 1 

Password: 

1 1 

General: 

0 Enable 

Users Management: 

0 Enable 

Rooms Management: 

0 Enable 

Vouchers Management: 

0 Enable 

Service Profiles: 

0 Enable 

Billing Management: 

0 Enable 

Sites Management: 

0 Enable 

Paypal Management: 

0 Enable 

Statistics: 

0 Enable 

System: 

0 Enable 

Admin: 

® Enable 

Logout: 

0 Enable 

WGManager Users: 

admin | nonius * 
caixa | nonius 
cashier | nonius 
recep | recep 



Update 


Figure 53: Customization Menu - WGManager user menus permissions 

Username: Username of the WGManager user. 

Password: Sets the user password. 

Permissions checkboxes: In order to improve the permissions granularity there are two levels of 
abstraction, the first checkbox allows the user to access each main menu, in each main menu we 
have submenus, each one with a corresponding checkbox that allows configuring the permission to 
that submenu. 

WGManager Users: Allows you to select one user causing the form to be reloaded with the 
selected user details, for editing purposes. 

Add: Adds a new WGManager user 

Update: Updates the information of the selected WGManager user 
Del: Deletes the selected WGManager user 


4.8.6. Online Register Submenu 

This submenu (available only in WGPublic solution), is for configuring the online registration 
feature. 

The following picture shows the configuration form. 
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Note: Images size must be less than 512 Kbytes. 


Online Register Logo: 

| Arquivo ] 

Online Register Background: 

[ Arquivo- | 


Remove Logo | Remove Background 


The Username and Email fields are allways mandatory. 

The available form/mandatory fields are: name, surname, sex, age, birthdate, country, county, parish, postalcode, work, training and computerequipment. 
The Mandatory Fields must appear on the Form Fields, otherwise won't be displayed. 


Activation by e-mail?: 

D Enable (When enabled, the account will use the ’Pre-Confirmation' profile until the email is confirmed) 

Form Fields: 

age, sex, surname, name 

Mandatory Fields: 

|surname, name 


Figure 54: Online Register configuration options 

Through the Online Register Page Layout form it is possible to change the logo and the background 
of the online register window. 


The uploaded images must be in "JPG" format. The image size must be less than 
512Kbytes. 

The Online Register Fields form is shown in Figure 55. This form enables the activation and 
confirmation by email. When the user finishes the registration, a confirmation email is sent to the 
provided email address. 


The Username and Email fields are allways mandatory. 

The available form/mandatory fields are: name, surname, sex, age, birthdate, country, county, parish, postalcode, work, training and computerequipment. 
The Mandatory Fields must appear on the Form Fields, otherwise won’t be displayed. 


Activation by e-mail?: 

0 Enable (When enabled, the account will use the 'Pre-Confirmation' profile until the email is confirmed) 

SMTP Server IP Address: 

|localhost 

SMTP Server Port: 

I 25 | 

SMTP Authentication: 

□ Enable 

SMTP TLS: 

O Enable 

Activation Link Hostname: 

1 1 

Name From: 

IwirelessGEST 

E-mail From: 

1° 1 

Subject: 

1° 1 

E-mail Message: 

0 | (max 255 chars) 

Form Fields: 

|age, sex, surname, name 

Mandatory Fields: 

|sumame, name 


Figure 55: Online Register Fields configuration 


Activation by e-mail: Enable/disable the confirmation email. 
SMTP Server IP Address: IP address of the mail server. 
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SMTP Server port: Insert the SMTP port (default 25). 

SMTP Authentication: Enable/disable SMTP authentication (if required). Username and password 
must be supplied. 

SMTP TLS: Enable/disable SMTP secure connection (if required). 

Activation Link Hostname: WGS200 hostname used for activation. 

' < § > 'Tip: Usually, the Activation Link Hostname is configured with the default gateway of the Captive 
Portal, i.e., if the Captive Portal has the network address 192.168.176.0, the default gateway is 
192.168.176.1. Example of Activation Link: 

https://192.168.176. l/WGManager/htdocs/useraccount.php?key=el2149b8e92c22675abf2d6e2fe0 
88498a0dbldb 

Name From: Insert the name of entity that sends the email (the e-mail's FROM: field). 

E-Mail From: Insert the reply email address (the e-mail's REPLY TO: field). 

Subject: Insert the email's subject. 

E-Mail Message: Insert the email message (body). 

Form Fields: Configure the fields to be shown on the online register window (Figure 56). The 
available options are listed at the top of this form. 

Mandatory Fields: Configure the mandatory fields shown (Figure 56). Three fields are always 
mandatory: username, password and email. The remaining fields are optional. 


Online Register 


All required fields have an asterisk * 


Username * 

1 1 

Password * 

1 1 

Confirm Password * 

1 1 

E-Mail * 

1 1 

Name * 

1 1 

Surname * 

1 1 

Sex 

Male ^ 

Age 

- 

I authorize the use of my details for information purposes 

H 


Register 


Figure 56: Online Register Window Example 
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4.9. Maintenance Menu 


Maintenance 


Network Devices 
DB Backup 
VPN 

UPS Control 

Figure 57: Maintenance Menu 

4.9.1. Network Devices Submenu 

If the Network Devices Check is enabled, the WGS200 periodically checks the status of network 
devices and sends an e-mail to the configured address if some device is malfunctioning. Email is 
sent once in a day at 7 AM, local time. 


Periodic Net Devices check 


Enable: 

r 

Destination Email: 

i i 


Apply 


Network Devices 


IP Address: 

1 

Name: 

1 

Network Devices: 

Ll LlI 





Figure 58: Maintenance Menu - Network Devices 


Enable: Enable/disable network devices checking. 

Destination Email: Define destination e-mail address in case of malfunction; 

• Network Devices 

IP Address: Define IP addresses of network devices 
Name: Insert the desired name for the network device 

Network Devices: This box lists the network devices IP addresses that will be checked-up. 
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4.9.2. DB Backup Submenu 

For maintenance purposes it is wise to have a backup of the client's user database. If something 
fails it will be possible to restore the service in almost the same status as it was when the failure 
happened. The requirement is to have a remote SSH server where the client's WGS200 will connect 
to via an SSH session, copying the database. The backup is done, by default, everyday at 4.00 AM, 
local time, but it is possible to set the time to another hour. 

If a backup failed and you detect the failure, it is possible to log in to the client's WGConfig 
interface and click in the "Backup Now" button, which will manually trigger the database's backup. 


Periodic Database Backup 


Backup now may take a few minutes to execute. 


Enable: 

r 

SSH Server Hostname: 

i i 

SSH Username: 

i i 

SSH Password: 

1 | 

Destination File PATH: 

1/ 1 

Runs every day at: 

| 400 AM ^J 


Apply | Backup now 


Figure 59: Maintenance Menu - DB Backup 

Enable: Enable/disable periodic database backups. 

SSH Server Hostname: Backup server's hostname or IP address. 

SSH Username: Username used for SSH session, (example: root). 

SSH Password: Password used for SSH session, (example: password). 

Destination File PATH: Destination file path where the backup will be stored. 

Runs every day at: Select the time to run the backup automatically. 

Backup now: Command to execute backup now. 

4.9.3. VPN Submenu 

OpenVPN is a solution that makes it possible to remotely access the WGS200 without doing port 
forwarding in the remote modem/router. Every WGS200 has an OpenVPN client that connects to a 
remote OpenVPN server. You may configure the server's information using this menu. 


NoniusSoft, Software e Consultoria para 
Telecomunicagoes, S.A. 
Rua Actor Ferreira da Silva, 100 
4200-298 Porto • Portugal 


Phone: +351 220301520 
Fax: +351 220301521 
E-mail: nonius@noniussoftware.com 
Website: www.noniussoftware.com 


53 • 96 



























[NONIUS 

COMMUNICATION SYSTEMS MATCHING YOUR NEEDS 


Configuration Guide — V3.4 
WGS200 


OpenVPM Client 


Enable: 

n 

Remote Server: 

i i 


Apply 


Upload Certificate Authority (ca.crt): 


Upload Client Certificate (*.pem): 


Upload Client Key (*.key): 


Procurar... | 

Procurar... | 

Procurar... | 


Upload 

Upload 

Upload 


Figure 60: Maintenance Menu - VPN 

• QpenVPN Client 

Enable: Enable/disable the OpenVPN client. 

Remote Server: Hostname or IP address of the remote OpenVPN server. 

• Certificates 

Upload Certificate Authority: Upload of the Certificate Authority that emits digital certificates, 
certifying that the contained public key in the certificate belongs to a trusted entity. 

Upload Client certificate: Upload client certificate so that the authentication becomes possible. 

Upload Client key: Upload of client key so that the authentication becomes possible. 

't'Tip: These certificates have to be created in your remote OpenVPN server, and then uploaded 
into the WGS200. 


4.9.4. UPS Control 

When connected to a Phasak UPS, the WGS200 can program the UPS to cut the power (and 
consequently restart any equipment connected to the UPS) periodically. Every 2/3 minutes the 
WGS200 cancels the restart instruction. If the restart instruction is not cancelled, the UPS will cut 
the power. This feature is useful to automatically perform a reboot if, for example, the WGS200 
crashes. 


Enable: | l~ 


Apply 


Figure 61: Maintenance Menu: UPS Control 

Enable: enable or disable the UPS control. 
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4.10. Status/Log Menu 


Status/Logs 


System Status 
System Log 
Boot Log 
Radius Log 
Net Devices Status 
WGTicket Status 
WG3PFO Log 
WG3PSW Log 

Figure 62: Status/Logs Menu 


4.10.1. System Status Submenu 

This submenu shows system configurations. 


System Status 


System Version 

WirelessGEST Release - 3.4.10 - 06/11/2009 

Linux 2.6.12—1.1381_FC3 ±686 

System Uptime 

12:16:00 up 20:00, 0 users, load average: 0.00, 0.06, 0.07 


WAN Link Statistics 


1 Interface | 

Service I 

Status | 

Rx (KBytes) I 

Tx (KBytes) | 

| WAN 1 | 

wanrouter | 

PROVIDING_SERVICS_FINS | 

5272 I 

4007 | 


Network Interfaces 

ethO:1 UP Ip: 169.2S4.255.10 Mask : 255.255.255.0 

br0:10 UP Ip: 192.168.186.1 Mask : 255.255.255.0 
ethO UP Ip: 10.0.0.128 Mask : 255.255.255.0 
tunO UF Ip: 192.168.176.1 Mask : 255.255.248.0 


Managment Interface -- 

Net Devices Interface 

WAN Interface 1 - 

Hotspot Interface - 


Routing Table 


Destination 

Gateway 

Genmask 

Flags Metric 

Ref 

Use 

Iface 

193.137.55.10 

10.0.0.1 

255.255.255.255 

UGH 

0 

0 

0 

ethO 

10.0.0.0 

o 

o 

o 

o 

255.255.255.0 

U 

0 

0 

0 

ethO 

192.168.186.0 

o 

o 

o 

o 

255.255.255.0 

U 

0 

0 

0 

brO 

169.254.255.0 

0.0.0.0 

255.255.255.0 

U 

0 

0 

0 

ethO 

192.168.176.0 

o 

o 

o 

o 

255.255.248.0 

U 

0 

0 

0 

tunO 

169.254.0.0 

o 

o 

o 

o 

255.255.0.0 

U 

0 

0 

0 

ethO 

o 

o 

o 

o 

o 

o 

o 

0.0.0.0 

UG 

0 

0 

0 

ethO 


Active TCP/UDP IP Connections 

Number of connections: 6 


Figure 63: Status/Logs Menu - System Status 
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The following parameters can be visualized: 

System Version: Shows the WirelessGEST software version and Linux Operating System kernel 
version. 

System Uptime: Shows the system uptime since last reboot or shutdown. 

WAN Interface: Shows WAN (ethO) interface configuration. 

Routing Table: Shows the WGS200's routing table. 

WGFailover Status: Shows the failover Configuration. 

Active TCP/UDP IP Connections: Shows the active TCP/UDP connections. 

Packet Classification: Shows package classification status, if it is enabled. The row "Packet 
Classification" shows detailed information if in Solution > Active Modules you have selected 
WGQoS module and in Network > QoS - Quality of Service you have enabled "Traffic 
Classifier". You can analyze traffic classes and the amount of bytes that passed for each class. 
Classes are listed below: 

• High Priority - Management (SSH,HTTPs), TCP Control 

• Real-time - DNS, VoIP, Video Streaming, Audio Streaming 

• MinDelay MaxRealibility - Interactive Services - Browsing, Messengers, SSH, Telnet, VPN 
Protocols 

• Medium Priority - Control Protocols(ICMP), Email, File Transfer, Gamming 

• Low Priority - Unclassified Traffic 

• P2P Traffic - Peer-to-Peer Traffic. 

In the following image you can take a look to an example of packet classification. 
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Packet Classification 

ethO 

class htb 1:10 root leaf 10: prio 0 rate 36Mbit ceil 72Mbit burst 6093b cburst 10534b 
Sent 472737 bytes 2151 pkts (dropped 0, overlimits 0 requeues 0) 
rate 706bit 4pps 

1ended: 2151 borrowed: 0 qiants: 0 
tokens: 1363 ctokens: 1193 

class htb 1:20 root leaf 20: prio 1 rate 72Mbit ceil 144Mbit burst 10534b cburst 19566b 
Sent 252 bytes 3 pkts (dropped 0, overlimits 0 requeues 0) 

1ended: 3 borrowed: 0 qiants: 0 
tokens: 1197 ctokens: 1110 

class htb 1:30 root leaf 30: prio 2 rate 108Mbit ceil 130Mbit burst 15079b cburst 24075b 
Sent 0 bytes 0 pkts (dropped 0, overlimits 0 requeues 0) 

1ended: 0 borrowed: 0 qiants: 0 
tokens: 1144 ctokens: 1096 

class htb 1:40 root leaf 40: prio 3 rate 144Mbit ceil IS0Mbit burst 19566b cburst 24075b 
Sent 0 bytes 0 pkts (dropped 0, overlimits 0 requeues 0) 

1ended: 0 borrowed: 0 qiants: 0 
tokens: 1114 ctokens: 1096 

class htb 1:50 root leaf 50: prio 5 rate 18Mbit ceil 18Mbit burst 3847b cburst 3847b 
Sent 0 bytes 0 pkts (dropped 0, overlimits 0 requeues 0) 

1ended: 0 borrowed: 0 qiants: 0 
tokens: 1752 ctokens: 1752 

class htb 1:60 root leaf 60: prio 4 rate 36Mbit ceil 36Mbit burst 6093b cburst 6093b 
Sent 976 bytes 3 pkts (dropped 0 f overlimits 0 requeues 0) 

1ended: 3 borrowed: 0 qiants: 0 
tokens: 1379 ctokens: 1379 


Figure 64: Packet classification 


This information is useful for some parameters validation, like - "rate" - the reserved bandwidth; 
"ceil" - the peak bandwidth that a given class can allocate from the total bandwidth if there is any 
available; "sent" - the amount of sent traffic, among others. 



check the Customer Name and the WirelessGEST Version at any time when 


accessing the WGConfig page. This can be seen in the header near the top right corner. 


r 



Figure 65: Top Header with WGS200 information 
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4.10.2. System Log Submenu 

This submenu shows the WGS200's system logs. 


System Log 

Dec 10 19:11:48 
Dec 10 19:11:48 
Dec 10 19:11:48 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 
Dec 10 19:11:49 


wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgs erver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgs erver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgserver kernel: 
wgs erve r kernel: 
wgserver kernel: 
wgserver kernel: 


PNP: PS/2 Controller [PNP0303:KBC,PNP0fl3:M0US] at 0x60,0x64 irq 1,12 
serio: 18042 AUX port at 0x60,0x64 irq 12 
serio: 18042 KBD port at 0x60,0x64 irq 1 

Serial: 8250/16550 driver ?Revision: 1.90 $ 76 ports, IRQ sharing enabled 

tty SO at 1/0 0x3f 8 (irq = 4) is a 16SS0A 

ttySI at 1/0 0x2£8 (irq =3) is a 16SS0A 

ttySO at 1/0 0x3£8 (irq =4) is a 16SS0A 

ttySI at 1/0 0x2£8 (irq = 3) is a 16SS0A 

io scheduler noop registered 

io scheduler anticipatory registered 

io scheduler deadline registered 

io scheduler cfq registered 

RAMDISK driver initialized: 16 RAH disks of 10000K size 1024 blocksize 
Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2 

ide: Assuming 33MHz system bus speed for PI0 modes; override with idebus=xx 
PIIX4: IDE controller at PCI slot 0000:00:07.1 
PIIX4: chipset revision 1 

PIIX4: not 10044 native mode: will probe irqs later 

ideO: BM-DMA at 0x1080-0x1087, BIOS settings: hda:DMA, hdb:pio 
hda: VMware Virtual IDE Hard Drive, ATA DISK drive 
ideO at 0xlf0-0xlf7,0x3f6 on irq 14 
hda: max request size: 128KiB 

hda: 83886080 sectors (42949 MB) w/32KiB Cache, CHS=6SS3S/lS/63, UDMA(33) 
hda: cache flushes not supported 
hda: hdal hda2 hda3 
ide-floppy driver 0.99.newide 
usbcore: registered new driver hiddev 
usbcore: registered new driver usbhid 

drivers/usb/input/hid-core.c: v2.01:USB HID core driver 
mice: PS/2 mouse device common for all mice 
md: md driver 0.90.1 MAX_MD_DEVS=2S6, MD_SB_DISKS=27 
NET: Registered protocol family 2 


Figure 66: Status/Logs Menu - System log 


4.10.3. Boot Log Submenu 

This submenu shows the WGS200's boot process log messages. 


WGServer boot log File 

Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 
Aug 29 


00: OS 
00: OS 
04: 52 
04: S3 
05:05 
05:20 
05:21 
05:21 
05:23 
05:23 
05:23 
05:23 
06:12 
06:12 
06:13 
06:13 
06:30 
06:30 
06:30 
06:31 
06:31 
06:31 
06:31 
06:31 
06:31 
06:31 
06:31 
06:31 
06:31 
06:34 
06:34 
06:35 
06:36 
06:36 


wgserver crond: arranque do crond succeeded 
wgserver watchdog: arranque do server-w succeeded 
wgserver chilli: chilli terminado succeeded 
wgserver chilli: arranque do chilli succeeded 
wgserver sendmail: sendmail terminado failed 
wgserver xfs: xfs terminado succeeded 
wgserver httpd: httpd terminado succeeded 
wgserver sshd: sshd -TERM succeeded 
wgserver chilli: chilli terminado succeeded 
wgserver mysqld: A desligar o MySQL: succeeded 
wgserver xinetd: xinetd terminado succeeded 
wgserver crond: crond terminado succeeded 
wgserver syslog: arranque do syslogd succeeded 
wgserver syslog: arranque do klogd succeeded 
wgserver irqbalance: arranque do irqbalance succeeded 
wgserver xfs: arranque do xfs succeeded 

wgserver network: A desligar a interface 'loopback 1 : succeeded 

wgserver sysctl: net.ipv4.ip_forward = 0 

wgserver network: A desactivar o reenvio de pacotes IPv4: succeeded 

wgserver sysctl: net.ipv4.ip_forward = 1 

wgserver sysctl: net.ipv4.conf.default.rp_filter = 1 

wgserver sysctl: net.ipv4.conf.default.accept_source_route = 0 

wgserver sysctl: kernel.sysrq = 0 

wgserver sysctl: kernel.core_uses_pid = 1 

wgserver sysctl: net.ipv4.neigh.default.gc_threshl = 256 

wgserver sysctl: net.ipv4.neigh.default.gc_thresh2 = 1024 

wgserver sysctl: net.ipv4.neigh.default.gc_thresh3 = 2048 

wgserver network: A configurar os parA<metros de rede: succeeded 

wgserver network: A iniciar a interface 'loopback': succeeded 

wgserver network: A iniciar a interface ethO: succeeded 

wgserver iptables: succeeded 

wgserver last message repeated 3 times 

wgserver xinetd: arranque do xinetd succeeded 

wgserver sshd: succeeded 


Figure 67: Status/Logs Menu - Boot log 


NoniusSoft, Software e Consultoria para 
Telecomunicagoes, S.A. 
Rua Actor Ferreira da Silva, 100 
4200-298 Porto • Portugal 


Phone: +351 220301520 
Fax: +351 220301521 
E-mail: nonius@noniussoftware.com 
Website: www.noniussoftware.com 


58-96 



















[NONIUS 

COMMUNICATION SYSTEMS MATCHING YOUR NEEDS 


Configuration Guide — V3.4 
WGS200 


4.10.4. Radius Log 

This submenu shows the WGS200's Radius' server log messages. 


Radius Log 

Info: rlm_sql_mysql: Starting connect to MySQL server for #1 

Info: rlm_sql_mysql: Starting connect to MySQL server for #2 

Info: rlm_sql_mysql: Starting connect to MySQL server for #3 

Info: rlm_sql_mysql: Starting connect to MySQL server for #4 

Info: Ready to process requests. 

Auth: Login incorrect (rlm_chap: Clear text password not available): [nonius/] (from client localhost port 0 cli 00-1S-00-19-23-BD) 

Auth: Login OK: [pa] (from client localhost port 0 cli 00-1S-00-19-23-BD) 

Info: Using deprecated naslist file. Support for this will go away soon. 

Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? 

Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked 
Info: rlm_sql (sql): Attempting to connect to radiusQlocalhost:/radiusnonius 
Info: rlm_sql_mysql: Starting connect to MySQL server for ffO 

Info: rlm_sql_mysql: Starting connect to MySQL server for #1 

Info: rlm_sql_mysql: Starting connect to MySQL server for #2 

Info: rlm_sql_mysql: Starting connect to MySQL server for #3 

Info: rlm_sql_mysql: Starting connect to MySQL server for #4 

Info: Ready to process requests. 

Info: Using deprecated naslist file. Support for this will go away soon. 

Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? 

Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked 
Info: rlm_sql (sql): Attempting to connect to radiusQlocalhost:/radiusnonius 
Info: rlm_sql_mysql: Starting connect to MySQL server for #0 

Info: rlm_sql_mysql: Starting connect to MySQL server for #1 

Info: rlm_sql_mysql: Starting connect to MySQL server for #2 

Info: rlm_sql_mysql: Starting connect to MySQL server for #3 

Info: rlm_sql_mysql: Starting connect to MySQL server for #4 

Info: Ready to process requests. 

Auth: Login OK: [00-02-8A-29-36-DD] (from client localhost port 0 cli 00-02-8A-29-36-DD) 

Info: Using deprecated naslist file. Support for this will go away soon. 

Info: rlm_exec: Uait=yes but no output defined. Did you mean output=none? 

Figure 68: Status/Logs Menu - Radius log 

4.10.5. Network Devices Status Submenu 

The connectivity test is based on sending and receiving ICMP packets (Ping) to each connected 
device. If the first packet sent to a given device doesn't receive an answer, the WGS200 will repeat 
the connectivity test 5 times. Only when the 5 tests fail a 'FAILED' message is shown on screen. 


Wed Sep 
Wed Sep 
Wed Sep 
Wed Sep 
Wed Sep 
Wed Sep 
Wed Sep 
Thu Sep 

Thu Sep 
Thu Sep 
Thu Sep 

Fri Sep 

Fri Sep 
Fri Sep 
Fri Sep 
Fri Sep 
Fri Sep 
Fri Sep 
Fri Sep 
Mon Sep 
Mon Sep 
Mon Sep 


13 12 
13 12 
13 12 
13 12 
13 12 
13 14 

13 14 

14 11 
14 11 
14 11 
14 11 
14 11 
14 11 
14 11 
14 11 
14 11 

14 11 

15 08 
IS 08 


15 08 
IS 08 
IS 08 
18 14 
18 14 
18 14 


31:41 2006 
31:41 2006 
31:41 2006 
31:41 2006 
31:41 2006 
04:S9 2006 
06:OS 2006 
51:46 2006 
51:46 2006 
51:46 2006 
51:46 2006 
51:46 2006 
51:46 2006 
51:46 2006 
51:46 2006 
51:46 2006 
51:46 2006 
57:47 2006 
57:47 2006 
57:47 2006 
57:47 2006 
57:47 2006 
57:47 2006 
57:47 2006 
57:47 2006 
57:47 2006 
57:48 2006 
18:47 2006 
22:23 2006 
22:23 2006 



Figure 69: Status/Logs Menu - Network Devices Status 
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4.10.6. WGTicket Status Submenu 

This submenu is only visible if the WGTicket license is active. In the top of the form you can choose 
the printer in which you want print the test ticket. The WGS200 will try to print a test ticket in the 
selected printer and will report back the printer status. 


WGTicket Status 


none 

WGTicket Test results 

Starting diagnostics to the WGTicket components 

Checking printServer 10.0.0.23 status 
Test printServer started 
Ticket print skipped. 


Figure 70: Status/Logs Menu - WGTicket Status 

In the figure above you can see failed printer test. 


4.10.7. WG3PFO Log Submenu 

This submenu is only visible if the WG3PFO license is active. It shows WG3PFO's log messages. 


15 : 05 : 
15 : 05 : 
IS:OS: 
IS:OS: 
IS:OS: 
15 : 05 : 
15 : 05 : 
IS:OS: 
15 : 05 : 
15 : 05 : 
IS:OS: 
IS:OS: 
15 : 05 : 
IS:OS: 
IS:OS: 
15 : 05 : 
15 : 05 : 
15 : 05 : 
IS:OS: 
15 : 05 : 
IS:OS: 
15 : 05 : 
15 : 05 : 
IS:OS: 
IS:OS: 

15 : 05 : 

15 : 05 : 


WEST 200€ wgserver Sot □ from socket 

WEST 20Q€ wgserver Received: OGI I GtOl I RN313 I GSxx I GNMourao Mr.ID 

WEST 2006 wgserver protocolMsgQPut: DDGIIG#01 I RN313IGSxx I GNMourao Mr.ID BLOCKING 
WEST 200€ wgserver Listening to socket. 

WEST 2006 wgserver Stack: got DDGI I G#01 I RN313 I GSxxIGNMourao Mr.ID 
WEST 200€ wgserver getDataFromFDF: 31 1 G#01 1 RN313 I GSxxIGNMourao Mr. | 

WEST 200€ wgserver LL upwardData: GI 

WEST 200€ wgserver parseGuestlnfo: GI I GtOl I RN313 I GSxxIGNMourao Mr. I 
WEST 200€ wgserver mainMsg3Fut: D313,Mourao Mr. BLOCKING 
WEST 200€ wgserver mainMsgQ: got D313,Mourao Mr. 

WEST 200€ wgserver updated last connection to DB for now 
WEST 200€ wgserver updated last connection to DB for now 

WEST 2006 wgserver delete from radreply where username= ’ 313 ' successfull. 

WEST 200€ wgserver updated last connection to DB for now 

WEST 2Q0€ wgserver delete from radcheck where username= ’ 313 ' successfull. 

WEST 2006 wgserver updated last connection to DB for now 

WEST 2006 wgserver delete from userinfo where username= ’ 313 ’ successfull. 

WEST 200€ wgserver updated last connection to DB for now 

WEST 200€ wgserver delete from datas where username= 1 313 ’ successfull. 

WEST 200€ wgserver updated last connection to DB for now 

WEST 200€ wgserver INSERT into radcheck(Attribute, Value, UserName) values ('User-Password', 'Mourao', '313':' successfull. 
WEST 200€ wgserver updated last connection to DB for now 

WEST 200€ wgserver INSERT into userinfo(UserName, Name, idcusto) values ('313', 'Mourao Mr.', '1') successfull. 

WEST 2006 wgserver updated last connection to DB for now 

WEST 200€ wgserver INSERT into radreply(UserName, Attribute, op, value) values ('313', ' Idle-Timeout ' , '=', '300') 


£7 WEST 2006 wgserver updated last connection to DB for now 

£7 WEST 2006 wgserver INSERT into radcheck(UserName, Attribute, op, value) 


values ( '313', ' Simultaneous-Use ’ 


15:05:27 WEST 2006 wgserver updated last connection to DB for now 

15:05:27 WEST 2006 wgserver INSERT into datas(UserName, dataregisto) values ('313', now()) successfull. 
15:05:27 WEST 2006 wgserver Executing command: /usr/nonius/apps/WGTicket/wgticket 313 Mourao 1 Check-out 
15:05:28 WEST 2006 wgserver mainMsg2: before take 
15:06:51 WEST 2006 wgserver DONE: Caught signal 30 
15:06:51 WEST 2006 wgserver mainMsgQPut: □ NOBLOCK 




Figure 71: Status/Logs Menu - WG3PFO Log 

4.10.8. WG3PSW Log Submenu 

This submenu is only visible if the WG3PSW module is active. It shows WG3PSW's log messages. 
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WGJpSwitch Log 



Figure 72: Status/Logs Menu - WG3PSW Log 


4.11. Administration Menu 


Administration 


Guide 

Upgrades 

Licenses Management 

Remote Management 

Upld/Dwnl Sys Files 

Passwords 

Factory Defaults 

Reboot 

Shutdown 

Logout 


Figure 73: Menu - Administration 


4.11.1. Guide Submenu 

In order to make the WGConfig manual more accessible and always handy, you can access it using 
this submenu. 
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4.11.2. Upgrades Submenu 

Patches for correcting bugs or adding new features are applied through this submenu. The 
execution of upgrades may take a few moments, but the result will be presented. 



Upgrade Upload: 

|1 Upgrade 


Upgrade Status 


Figure 74: Administration Menu - Upgrades 


Upgrade Upload: | 

Upgrade Status 


Upgrades 


1| Procurer... | 


Upgrade 


Upgrading from 3.0.2 to 3.0.3 ... please be patient 

Preparing... ************************************************** 

dhcp _ ************************************************** 

Upgrade Successfull !!!! 

Standby for reboot. 


Figure 75: Administration Menu - Upgrade Successful 


Before doing an upgrade you should check the current software version in the System Status menu. 
The upgrade must be done to the version immediately after, i.e., if the current version is 3.0.0 you 
will have to upgrade to 3.0.1, before upgrading to the most recent version. This means that no 
"jumps" between versions are allowed. An error message will be shown if a wrong patch is applied. 

4.11.3. Licenses Management Submenu 

After receiving your WGS200 equipment, it will not have any license applied and will be configured 
with very low operational attributes and without any modules. You can upgrade the WGS200 by 
inserting a license key in the 'New License' form. The status of the license, if any, can be checked in 
the lower form. 



After applying a License a reboot will be done automatically. 


License Key: 



Current License Details 


Current License Key 

License Status: VALID 

Key: 

Expiration Date: 2033-12-31 
Users Limit: 100 

License Modules: 

WG-HIGHAVALABILITY - Failover/LoadBalancing/QoS Module 

WG3PFO - Integration Module with Front-Office 
WG3PSW - Control Module Switches VLAN 802.IQ 
WGTICKET - Tickets printer module 
WGSECTRACE - Security and Traceability Module 
WGXMLMGT - XML 3rd Party Interface 


Figure 76: License Menu - NLM 
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"f'Tip: After applying the license the target is rebooted automatically to apply the new license 
attributes. 


4.11.4. Remote Management Submenu 

This submenu limits the system's remote access. Remote access to the WGS200 can be performed 
through an SSH session or through a safe HTTPS session using the web browser. Depending on 
where the manager stands in a networking point of view - WAN, LAN or both - the access to the 
SSH or HTTPS interfaces may be prohibited or allowed. Please note that SSH access to the WGS200 
is exclusive of Nonius employees. 


Remote Management Access 


Caution to set this parameters, since you can lose managment access. 


SSH Access: 

1 All zi 

HTTPS Access: 

1 All zi 


Apply 


Figure 77: Administration Menu - Remote Management 

SSH Access: Enable/disable the remote access through an SSH session. The options are listed 
below: 

ALL: Enable/disable the remote access through SSH session using LAN or WAN. 

LAN: Enable/disable the remote access through SSH session using LAN. 

WAN: Enable/disable the remote access through SSH session using WAN. 

HTTPS Access: Enable/disable the remote access through a HTTPS session. The options are listed 
below: 

ALL: Enable/disable the remote access through HTTPS session using LAN or WAN. 

LAN: Enable/disable the remote access through HTTPS session using LAN. 

WAN: Enable/disable the remote access through HTTPS session using WAN. 

4.11.5. Upld/Dwnl Sys Files Submenu 

This feature allows saving the WGS200 configuration file and database. By uploading previously 
saved files, you may instantly have WGS200 configured exactly the same way as before. 
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Upload S Download Configuration 


Be sure the configuration file is valid. This action can take several minutes. 


Upload configuration file: |" 


Procurar... | | 


max filesize 10KB 


Download configuration file: 


Upload S Download Database 


Be sure the database file is valid. This action can take several minutes. 


Upload WGManager Database: |" 


Procurar... 


max filesize 50MB 


Download WGManager Database: 


Figure 78: Administration Menu - Upid/Dwni Sys Files 


• Upload / Download Configuration 

Upload configuration file: To perform the upload of a configuration file please select the file and 
afterwards select "Upload". 

Download configuration file: To perform the download of WGS200 configuration file please 
select "Download". 

• Upload / Download Database 

Upload WGManager Database: To execute a database upload, please select database file, then 
select "Upload". 

Download configuration file: To execute a database download, please select "Download". 

4.11.6. Passwords Submenu 

Passwords changes are made through this submenu. You will be able to modify password for 
WGManager and WGConfig access. 


Change WGConfig Admin Password 


Confirm Password: 



Figure 79: Administration Menu - Passwords 


• Change WGConfig Admin Password 

Change WGConfig's admin account password. Nonius recommends the change of this password 
because the default password is written in this guide, which is a public guide! 
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4.11.7. Factory Defaults Submenu 

Factory Defaults selection will make the system return to default configuration values. You can 
choose to reset the entire configuration and maintain the WGManager's database or to erase both 
the configuration and the database. 


Factory Defaults 


This command is not reversible! 

All configurations and/or data will be lost. 


Reset Configuration: 

0 Active 

Reset Database: 

D Active 



Figure 80: Administration Menu - Factory Defaults 


Default configurations are: 
WAN interface parameters : 


• 

Protocol: 

none 

• 

IP Address: 

10.0.0.160 

• 

Network Mask: 

255.255.255.0 

• 

Gateway: 

10.0.0.1 

• 

Primary DNS: 

192.168.1.100 

• 

Secondary DNS: 

192.168.1.1 

• 

User Defined DNS: 

enable 

Firewall 

• 

IPSEC PASS Through: 

disable 

• 

LAN Protect: 

disable 

• 

Internal Proxy: 

disable 

• 

IP Internal Proxy: 

not configured 

• 

Port Internal Proxy: 

not configured 

• 

Add User Port Forwarding: 

not configured 

• 

Port User Port Forwarding: 

not configured 

• 

Port Forwarding users: 

not configured 

VLANs 

• 

VLAN: 

disable 

• 

VLAN VID: 

not configured 


WGOoS 
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Rate Limit: 

disable 

UPLOADRATE 

not configured 

DNLOADRATE 

not configured 

Traffle Classify: 

disable 

Common Download Rate: 

80 

VoIP Download Rate: 

10 

P2P Download Rate: 

60 

Others Download Rate: 

10 

VoIP Upload Rate: 

10 

P2P Upload Rate: 

10 

Others Upload Rate: 

10 


Captive Portal 

• Captive Portal: enable 

4.11.8. Reboot Submenu 

Reboot selection will restart the WGS200. 

Confirm Reboot? 

BS 

Figure 81: Administration Menu - Reboot 

4.11.9. Shutdown Submenu 

This will perform a graceful shutdown to the WGS200. 

Confirm Shutdown? 

Figure 82: Administration Menu - Shutdown 

4.11.10. Logout Submenu 

Logout selection will logoff the management session, user/password will be requested in order to 
perform new login. 
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4.12. WGHotel menu 


This menu is available only if WGHotel is the active solution. 



WG3PF0 


WG3PSW 


WGTicket 


WGPrintServer 


Figure 83: WGHotel Menu 


4.12.1. WG3PFO Configuration Submenu 


The WG3PF0 module is the interface with the hotel's Front-Office system. Currently integrated 
systems are: EasyLinq, EasyLynq-CLS, Micros Fidelio Opera, New-Hotel, Brilliant, Bilogica and Sihot. 
When the client is checked-in at the Front-Office, the WG3PFO automatically creates a username 
for that client. With the exception of EasyLinq-CLS, the username will be the room number and the 
password will be the client's name. If WGTicket is enabled and a ticket's printer is present, WG3PFO 
will print the login data in a ticket. 

This submenu is only visible if the WG3PFO license is active. The communication with the several 
front-office systems is done via several protocols, namely the FIAS protocol. The WGS200's 
implementation of the FIAS protocol is certified by Micros Fidelio. The WGS200 also has an interface 
with the NewHotel front-office, using a proprietary protocol. 

The FIAS protocol is currently used for communication with the Micros Fidelio front-office and may 
be used for communication with any front-office system that implements the FIAS protocol. The 
EasyLinq software, software for management of telephone systems, may also be used for 
communicating with front-office systems that do not implement the FIAS protocol. You just send 
the information to EasyLinq and EasyLinq will send to the front-office. 

Please note that the integration of the WGS200 with front-office systems generally requires that the 
customer acquires the Internet interface from the front-office provider. 
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WG3PF0 Configuration 


Enable: 

□ 

Front-office: 

| Micros Fidelio 

Interface Type: 

| Network TCP/IP 


Apply 


WG3PF0 Common Parameters 


Configure WG3PF0 common parameters. 


Front-office's IP Address: 

1 1 

Front-office's Port: 

1 

Working Mode: 

| Client 

Posting Method: 

|PSzJ 

Print Ticket: 

I” (Available with WGTicket) 

WG3PSW Connection: 

|yes^J 

Password Algorithm: 

| Last name ^j 


Apply 


Figure 84: WGHote! - WG3PFO 


Enable: Enable/disable WG3PF0. 

Front-office Name: Select in the drop-down box the Front-Office used by the hotel unit. 
Interface Type: select between TCP/IP or serial port. 

• WG3PFO Common Parameters 

Front-office's IP Address: Define the Front-Office's IP address. 

Front-office's Port: Define the Front-Office's TCP port. 

Print Ticket: If WGTicket is present, a ticket with the login data will be printed if this checkbox is 
ticked. 

Posting Method: There are two methods: PS - Posting Simple and PR - Posting Request (the 
most common is Posting Simple). 

WG3PSW: Enable/disable WG3PSW. See [4.12.2] item 

Password Algorithm: Select the Password Type. There are 3 possibilities: 


Name: 

The name of the client will be the password; 

Nonius Pre-defined 

The password will be defined according to a 
pre-defined table. 

Random: 

The system creates random passwords. 
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• WG3PF0 Billing Parameters 


WG3PF0 Billing Parameters 


Configure WG3PF0 billing parameters. 


Billing Algorithm: 

1 1 hour/2 hour/1 day/1 week 

Activation Period: 

|0 J 

Pre-paid Access: 

1 no zi 

Print server automatic billing: 

1 no lI 

Checkin Profile: 

| CH E CKI N D E FAU LT jj 

Extension Time: 

I - Enable (It will show when there is only 10 minutes of credit available.) 


Apply 


Figure 85: WG3PF0 Billing Parameters 

Billing Algorithm: You have to select algorithm calculation. You have tree options: 


1 hour/2 hours/1 dav/1 

week 

Select this algorithm if you intend to have pre-paid billing. These four 
options will be shown at the login page and users will have to choose 
one before accessing the Internet. 

Pav Per Use 

The cost per minute is set in the WGManager Billing Menu, it allows to 
set the price according to the time that the user is surfing, a 
maximum value is set per day (24h period). 

1/24 hours - 5/10 Euros 

The user pays 5€ for the first hour, and 10€ for 24 hours use. 

Activation fee 

Each Internet session will have an activation period, corresponding to 
a minimum usage, just like telephone calls. The activation period is 

defined below. 

WGManaaer Defined 

Use this if you have a defined unit, for the costumers pay. In 
WGManager go to Billing > Define Prices Users, and then define 
the price that costumers have to pay. 


Activation Period: Use Activation Period for setting the amount of time for the activation fee. The 
options are: 15, 30 and 60 minutes. 

Pre-paid access: set to yes if you want that users select the amount of time they are going to buy 
before using the Internet. Set to no, if you prefer that users have unlimited access and are billed in 
the end of their sessions by the amount of time (or traffic) that they used the Internet. 

Print server automatic billing: if the WGPrintServer license is enabled, set this option to yes if you 
want that the user's printouts are directly billed to the front-office. 

Check-in profile: there are 7 pre-defined check-in profiles. When a user is checked-in at the 
front-office, he/she will be automatically assigned to one of the following service profiles: 

• CHECKIN_DEFAULT - the user will have no restrictions to use the Internet; 
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• CHECKIN_1H - the user will be granted one hour of free Internet Access and afterwards he 
will have to buy more time; 

• CHECKIN_2H - the user will be granted two hours of free Internet Access and afterwards 
he will have to buy more time; 

• CHECKIN_24H - the user will be granted one day (absolute time) of free Internet Access 
and afterwards he will have to buy more time; 

• CHECKIN_1W - the user will be granted one week (absolute time) of free Internet Access 
and afterwards he will have to buy more time; 

• CHECK_IN_PRE_PAID - the user will not be granted any time of free Internet Access and 
will be prompted, at the login, to choose among one of the service profiles defined at the 
WGManager interface. 

• CHECK_IN_POST_PAID - the user will not be granted any time of free Internet Access and 
will be allowed to access the Internet after inserting the correct username and password. 
At logout, the system will compute the amount that corresponds to the used time and will 
send that amount to the clients' account at the front-office. 

It is possible to add more profiles to this list. Just go to the WGManager interface and create a new 
service profile. Afterwards, you can come back to this form and select the new profile in the drop¬ 
down list. 

Extension time: check this box only in pre-paid access, if you want that the system informs the 
user that the time he bought is about to expire and offer the possibility to extend that time. 

"¥' Notes for Pay Per Use Algorithm: This algorithm introduces price differentiation per period of 
usage. The user will be billed for the periods that his sessions have crossed. A minimum of one and 
a maximum of four periods can be set, each having its own price tag, and filling up a 24 hour 
period. The 24hr period is needed and mandatory, i.e., setting a single entry with a 24hr period set 
or two entries of 12 hours each (12h/24h). The cost per minute will consider previous user sessions 
during the same day, i.e., when a customer has multiple sessions in the same day and a session 
crosses a period boundary, the price per minute for the session is split and calculated for each of 
the periods the session crossed. 

Example bellow: 


Period (editable column) 

Rate (editable column) 

1 hour 

2.5€ 

24 hours 

15€ 

NOT USED 

NONE 

MAXIMUM VALUE PER DAY 

15€ 


Table 1 - Example of a Pay per Use Prices table 
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For table 1, the cost per minute is: 

• Between 0 min. and 1 hour: cost per minute = 2.5/60 = 0,042€; 

• Between 1 and 24 hours: cost per minute = 15/(60 *24) = 0,0104€; 

Billina Sessions example: 

Session 1-45 minutes: 

40 minutes with cost /minute = 0,083€; Amount sent to PMS= 1,68€ 

Session 2-90 minutes 

15 minutes with cost /minute = 0,63€ + 30 minutes with cost /minute =0, 312€; 
Amount sent to PMS = 0,63 + 0,312 = 0,94€ 

4.12.2. WG3PSW Configuration Submenu 

Please refer to section [2.2] for this module's description. This submenu is only visible if the 
WG3PSW module is active. It provides an efficient way to increase the client's security during the 
Internet access, through the usage of VLANs. WG3PSW configures the VLANs in switches 3COM 
3250, HP2545 and D-Link 3123 (the integration with other switches may be done at request). 

"'f'Tip: VLAN (virtual LAN) is an autonomous network segment; several VLANs can coexist at a 
single switch. The administrator is able to define which switch ports belong to a given VLAN and 
manage the resources that a user can have access to. 


WG3PSW Configuration 


Each field must have the same number of coma separated numbers or sequence numbers. Reboot needed to take effect. 


Enable: 

r 

Room Auto Discovery: 

r 

Room VLAN Isolation: 

r 



WG3PSW Add Switches 


AddDelete the client networks switches. 


Switch ID: 

1 

Switch Model: 

3Com3250 zi 

Switch IP Address: 

1 

Switch Tagged Ports: 

1 

Switch SNMP Community String: 

1 



Switch List: 



a 


WEI 1»H1 


Add,Delete Room Sequences. Room sequence are eg: 100-120 (room 100 to 120). 


Rooms Sequence: 


Switch ID: 


Switch Ports Sequence: 

1 


"3 

Room List: 

a 


WEI 1BH1 


Figure 86: WGHotei - WG3PSW Configuration 
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Enable: Enable/disable WG3PSW configuration. 

Room Auto Discovery: enable this feature if you want the WGS200 to query your switches for 
the port where a given MAC is coming from. The WGS200 is then able to identify the user and to 
perform an automatic login. 

Room VLAN Isolation: enable this feature if you want that every room is VLAN separated from 
each other. This prevents communication between rooms. 

• WG3PSW Add Switches 

Switch ID: Define the switch ID, example: 1, 2,100 

Switch Model: Select the switch model from the list. If your switch is not on the list, please 
contact your local Nonius commercial channel partner for details on adding support for your switch. 

Switch IP Address: Insert the switch's IP address. 

Switch Tagged Ports: Insert the switch's tagged ports, for all switches. 

Switch SNMP Community String: Insert the switch's SNMP community string. 

Switches List: list of switches added so far. 

• WG3PSW Add Rooms 

Rooms Sequence: Insert the room sequence. Each room will belong to a distinct VLAN. In the 
example above, room 121 doesn't exist. 

Switch ID: Each switch will be identified by a ID in "WG3PSW Add Switches", the form below. This 
sequence is related with "sequence VLAN IDs". Let's see, sequence VLAN ID [100-120] belongs to 
switch [1], as sequence VLAN IDs [200-220] belongs to switch [2]. 

Switch Ports Sequence: You should define the switch ports that are being used for "sequence 
VLAN IDs". In the example above, rooms 100 to 120, with VIDs 100 to 120, are connected to ports 
1 to 21 of the switch number 1; room 122, with VID 122, is connected to port 22 of switch 1; 
rooms 200 to 220, with VIDs 200 to 220, are connected to ports 1 to 21 of switch 2 and so on. 

Rooms List: list of rooms added so far. 

4.12.3. WGTicket Configuration Submenu 

This submenu is only visible if the WGTicket license is active. This configuration will be necessary 
for WGHotel and WGPublic solutions - where it may be intended that user login data (username and 
password) are printed on a ticket's printer. 
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WGTicket Configuration 


Enable: | [V] 

msssm 


Installed Printers 


Printer Name: 

| (no spaces allowed) 

Printer Model: 

Godex EZ-2Plus ▼ 

IP Address: 

| (e.g. xxx.xxx.xxx.xxx) 

TCP Port: 

1 

Username: 

1 

Password: 

1 

Printers: 

Default_Printer | BROTHER-QL5701 -1 c62mm 110.0.0.23191001 admin | test * 



WHOM liHl 


Figure 87: WGHotei - WGTicket Configuration 

Enable: Enable/disable WGTicket. 

Printer Type: Select the printer from the drop-down menu. Supported ticket printers are the 
Godex-EZ-2Plus, the PRP-080 and the Brother QL-550/560/580N. Please get in touch with Nonius 
for details on supporting other ticket printers. 

IP Address: Define the printer's IP address. 

TCP Port: Define the TCP communication port. 

Username: Set the printer's username. 

Password: Set the printer's password. 

• Brother QL-560 Print Server 

Print Server Model: Select the paper width of your Brother QL-560 ticket's printer. 

• Brother QL-560/580N Paper Type 

Paper Type: Select the paper width of your Brother QL-560/QL-580N ticket's printer. 

4.12.3.1. Press Button and Print Voucher Ticket 

With this feature you can create vouchers on demand using a printer button. To generate a new 
voucher you will need to press the button and wait a few seconds so that the voucher can be 
printed. Depending on your printer model, the action button varies, in the QL-550/560 the button is 
the power button, in the QL-580N the action button is the cut button. 
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Warning: When enabling the following checkbutton you will lose the capability to print from WGManager. 
Printing will only be available by pressing the power/cut button on the printer 


Enable: 

□ 

Voucher Profile: 

Voucher-1 Hour ▼ 


BJ99M 


Figure 88: WGTicket - Press Button and Print Voucher 

Enable: Enable/disable Press Button and Print Voucher feature. 

Voucher Profile: Select the preferred Service Profile that the generated vouchers will have upon 
their generation/printing. 

"'f'Tip: With this mode enabled, only these vouchers can be printed, the WGManager print 
voucher/tickets options will be disabled. 

This functionality has only been tested with Brother printer equipment, support for different printers 
should be confirmed with Nonius. 
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4.12.4. WGPrintServer Configuration Submenu 

This submenu is only visible if the WGPrintServer license is active. This module may be used in 
WGHotel solutions - where it may be intended to provide print services to clients. It will be 
necessary to configure the hotel's printer that will be used to print the client's documentation. For 
details, please check the WGPrintServer guide. 


WGPrintServer Configuration 


Enable: 

r 

Printer Type: 

| EPSON EPL-6200 zi 

IP Address: 

1 1 

Printer Name: 

EPSON IPP Printer 

Maximum File Size (MBytes): 

[200 

Maximum Jobs Per Printer: 

\K1 


Apply 


Figure 89: WGS200 - WGPrintServer configuration 


Enable: Enable/disable WGPrintServer. 

Printer Type: Select the printer's model. 

IP Address: Define the printer IP address. 

Printer Name: Define the printer's name. 

Maximum File Size (Mbytes): Maximum file size of documents to be printed. 

Maximum Jobs Per printer: Maximum number of jobs that the printer will accept. Use this to 
avoid abuse. 

Available Printers: 

• Epson EPL-6200 

• HP Color LaserJet 3700 

• HP LaserJet M3027 XMFP 

• HP LaserJet P2015 

• Samsung SCX-4725FN 

• Brother MFC-9420CN 

• Brother HL-2070N 

• Dell MFP Laser 3115cn 
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4.13. WGEstate Menu 


This menu will only be available if you have selected WGEstate in System > WGmanager > 
Business Operation Mode menu. 



Figure 90: Menu - WGEstate 


4.13.1. Users Disk Quota Submenu 

This menu will only be available if you have selected WGEstate in Solution > Solution Type 
menu. The size of hard disk quotas cannot be configured as it's a predefined fixed size; users have 
a 15Mbytes quota for uploading personal web pages. 


Disk Quotas 


Quotas are enabled by default. Ho configuration allowed on WirelessGEST u3.0 


Figure 91: WGEstate - Users Disk Quota 


4.13.2. Mail Server Domains Submenu 


This menu will only be available if you have selected WGEstate in Solution > Solution Type 
menu. You have to configure the domain (register a new domain if required). The domain is the 
name by which a given site is known in the Internet and it corresponds to an IP address. Based on 
this domain, e-mail SMTP and POP or IMAP servers are configured in the e-mail clients. 


DNS Server Domains 


Username and Password are only necessary if you are using Dynamic IP address to your own domain. Otherwise they will be ignored. 


Static IP address: 

r 

Domain Name: 

i i 

Zoneedit.com Username: 

i i 

Zoneedit.com Password: 

i i 


Apply 


Figure 92: WGEstate - Mail Server Domains 


Static IP address: Tick this box if the domain is associated with a static IP address. 
Domain Name: Insert the domain name. 

Zoneedit.com Username: Insert the Zoneedit username account. 

Zoneedit: Insert the Zoneedit password account. 
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Note: we are assuming you have registered the domain name in a certain entity. This entity is not 
responsible for the IP address changes associated with this domain. It is necessary to pass that 
responsibility of DNS services to Zoneedit (or any other entity that offers the same type of service). 
The Zoneedit offers free DNS services allowing the management of dynamic IP addresses, releasing 
our necessity for having our own DNS server. 

4.14. WGPublic Menu 

This menu will only be available if you have selected WGPublic in System > WGManager > 
Business Operation Mode menu. 


WGPublic 


Authentication Mode 


Figure 93: Menu - WGPublic 

4.14.1. Authentication Mode Submenu 


[ : 

- 1 


Authentication Mode: 

{Normal \M 

J 


Normal 


u 


Grace Period/Auto Register MAC 
External Validation 


Figure 94: WGPublic Menu - Authentication Mode Configuration 


In WGPublic Business Mode there are three user authentication modes: 

1. Normal - users register themselves by filling in an online form and have to receive an e- 
mail with login data. 

2. Grace Period/Auto Register MAC - the equipment's MAC address is automatically registered 
and users have a configurable free access time to try out the service, after which they lose 
Internet Access. The following behaviour depends on service profile's configuration. 

f'Tip: these users will be automatically assigned to the service profile defined on menu "Online 
registration" at the WGManager Interface. Please check WGManager's user guide for a 
configuration example. 

3. External Validation - "normal" local Radius authentication is replaced by authentication 
through an external entity (an Oracle DB, for example). Selecting this mode will prompt the 
appearance of the following form: 


Authentication Mode Configuration 


Authentication Mode: 

External Validation ▼ 

Connector Type: 

iOracle/OCI8[- 


E23 

Oracle/OCI8 


CAS Server 


Figure 95: External Validation Connector Type 
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Connector Type: choose between 0racle/0CI8 and CAS Server (Client Access Server). With CAS 
Server selected, it is necessary to insert the URL of your server in the appearing form. On the other 
hand, choosing Oracle Server, requires filling up another form: 



Figure 96: External Validation - Oracle Server Configuration 


Server IP Address: insert the IP address of the Oracle server; 

Port number: insert the TCP/UDP Oracle server's port number; 

DB user: insert the Oracle DB username; 

DB password: insert the Oracle DB password; 

DB Name: insert the Oracle DB name; 

DB Function: insert the name of the function to be queried for authentication purposes. 


f'Tip: it is assumed that the function receives two parameters and returns an error code: 


number fnName(in number, in varchar2). 

Table 2 details the meaning of the error codes: 


Error code 

Meaning 

0 

Valid username and password. The user is allowed to have Internet access. 

i 

Wrong username, i.e., the provided username doesn't exist in database. 

2 

Wrong username or password. 

3 

Invalid username. The username exists in the database, but access is not granted 
for some reason. 

4 

Deleted username. 


Table 2 - Oracle's error codes 
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4.15. WGBizPark Menu 

This menu will only be available if you have selected WGBizPark in Solution > Solution Type 
menu. 


WGBizPark 


WGTicket 

Figure 97: Menu - WGBizPark 


At the moment only the WGTicket [4.12.3] submenu is available. 

4.16. WGHotspotManager Menu 

This menu will only be available if you have selected WGHotspotManager in Solution > 
Solution Type menu. 


WGHotspotManager 


Figure 98: Menu - WGHotspotManager 


At the moment there are no submenus associated with WGHotspotManager. 
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5. WGS200's Configuration Examples 
5.1. WGHotel 

A 4 Star hotel with Ethernet cable network to all rooms, Wi-Fi coverage in public areas (conference 
rooms, reception hall, bar), intends to control the offer of Internet service to their customers. 

The WGS200 will be connected to the EasyLinq interface for automatic user/password creation and 
charge directly their bill within the Front office. 

A ticket printer will be installed at reception which prints a ticket with user/password every time 
there is a guest check-in. 


5.1.1. Configuration example 




Business Center 




Support and 
Maitenance 


Figure 99: WGHotel - Configuration Example 


5.1.2. Project Steps 

Network Planning 

The decision was to share the existing ADSL Line between the internal Hotel and customer use. The 
WGS200 will be configured to only allow the usage of half of the available bandwidth to the public 
Internet Service. 

The Hotel LAN will be protected from any access from the users of the public network. 

Power Over Ethernet Access Points were selected to minimize the cabling and maximize the remote 
maintenance capabilities. 

The current UTP Cat5 infrastructure connecting the rooms to the back office rack was used to 
implement a customer LAN using Layer 2 Switches. 


NoniusSoft, Software e Consultoria para 
Telecomunicagoes, S.A. 
Rua Actor Ferreira da Silva, 100 
4200-298 Porto • Portugal 


Phone: +351 220301520 
Fax: +351 220301521 
E-mail: nonius@noniussoftware.com 
Website: www.noniussoftware.com 


80-96 




















NONIUS 


Configuration Guide — V3.4 
WGS200 


COMMUNICATION SYSTEMS MATCHING YOUR NEEDS 


A network ticket printer was installed in the reception desk connected to the Hotel LAN. The 
reception POS/Front office PC will have access to the WGManager (Managing service interface) via 
an HTTP browser. 

Wi-Fi Site Survey 

A Wi-Fi site survey was done to determine the best location of the access points to maximize the 
coverage range and minimize the number of access points to be installed. 

WGS200 Configuration 

The following parameters were configured at the WGS200: 

• WAN interface - Static IP in the range of the Hotel LAN; 

• Firewall - IPSec Pass-through: ON, Customer LAN Protection: ON; 

• QoS - Quality of Service: OFF; 

• Customization - according customer details; 

• WG3PFO - According to Easylink's configuration; 

• WGTicket - According Ticket printer's configuration. 

Training 

Two training sessions were performed; one to the service administrator and other to all personnel 
at the reception. 

• Admin level training: please check the WGManager's administrator manual; 

• Cashier level training: please check the WGManager's cashier manual. 

Both sessions included training on the WGManager's interface and generic information about 
Wireless Internet. 
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5.2. WGPublic 

WGPublic is the solution adapted to airports, shopping and congress centres or other public places 
like libraries, public squares, etc. where there is no reception for registering or acquiring a voucher. 
With the WGPublic solution, the users can register themselves online to use the available Internet 
system. 


5.2.1. Configuration example 



Figure 100: WGPublic - Configuration Example 

5.2.2. Project Steps 


Network and Services Planning 

The hotspot interface of the WGS200 is connected to a router that is connected, via VPN, to the 
remote routers where the access points are connected to. The users receive the network 
configuration information via DHCP. There is a DHCP server in each Access Point and the IP address 
range provided by each DHCP server is unique (for example, API works in range 192.168.150.0/24, 
AP2 works in range 192.168.151.0/24, etc.). In this way it is simple to distinguish the several 
hotspots. 

The captive portal and the AAA server run on the WGS200, meaning that the login page is the 
same in every hotspot and a user that registers himself in one of the hotspots may use the same 
login data in all the other hotspots. 

The user's registration will be done online via the login page. 
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Wi-Fi Site Survey 

A Wi-Fi site-survey should be done by the entity responsible for the installation of the hotspots. 

WGS200 Configuration 

The following parameters were configured at the WGS200: 

• WAN interface - Static or dynamic IP depending on the access router/bridge; 

• Captive portal - Layer3 Redirection: enable; Layer3 Gateway IP: IP address of the router 
connected to the hotspot interface; Layer3 Gateway MAC address: MAC address of the 
router connected to the hotspot interface. 

• Firewall - IPSec Pass-through: ON, Customer LAN Protection: OFF; 

• QoS - Quality of Service: ON; 

• Customization - according customer details; 

Training 

One training session must be provided to the administrator of the hotspot. 

• Admin level training: please check the WGManager's administrator manual; 

The session included training on the WGManager's interface and generic information about Wireless 
Internet. 
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5.3. WGBizPark 

A business park intends to provide communication services to the companies it hosts. Each 
company will have its own internal LAN which will be inaccessible from other companies' internal 
LANs. The companies will also have a VPN service to allow authorized users to access the internal 
LAN from the outside. 

The Access Points to be used are capable of broadcasting several SSIDs and of VLAN tagging the 
packets of each different SSID. 

Each company will have its own IEEE 802.IQ VLAN, for separating its traffic from other company's 
traffic. 

In this way, it will be possible to configure an SSID per company and connect it to the company's 
internal network VLAN. Finally, one of the SSIDs will be used for visitors and will have its own VLAN 
tag. 

Companies may also install their own internal servers and port forwarding to be enabled at the 
WGS200. 


5.3.1. Configuration example 
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Figure 101: WGBizPark - Configuration Example 
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5.3.2. Project Steps 
Network and Services Planning 

Configure the Access Points with one SSID per company and provide a WPA2 key for each 
company. Create a VLAN tag per SSID and connect each access point to a switch that VLAN- 
capable and configure the ports where you connect the APs as members of the VLANs you created. 

Wi-Fi Site Survey 

The site-survey must guarantee that the SSID of a given company covers the working area of that 
company. There also must be one access point in each meeting room, allowing the companies to 
run meetings in those rooms and to keep having access to their internal network. 

WGS200 Configuration 

The following parameters were configured at the WGS200: 

• WAN interface - Static or dynamic IP depending on the access router/bridge; 

• Firewall - IPSec Pass-through: ON, Customer LAN Protection: OFF, Client port forwarding: 
add usernames or MAC addresses of each company's internal server and make sure that 
each server uses a different port for the same service (for ex., port 80 may be used by one 
of the companies and port 8080 must be used by a second company, for web access). 

• VLAN - Enable 802.1Q VLAN: enable; Interface: LAN; 802.1Q VID: insert VLAN ID; 
Interface Type: Bridge; 

• QoS - Quality of Service: ON; 

• Customization - according customer details; 

Training 

Two training sessions must be provided: one to the administrator of the business park and another 
to the IT manager. 

• Admin level training: please check the WGManager's administrator manual; 

• IT manager: the training consisted on explaining the WGConfig interface and is based on 


this manual. 


The session included training on the WGManager's interface and generic information about Wireless 
Internet. 
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5.4. WGHotspotClusterManager 

A group of small hotspots (each one composed by one or two access points) is deployed and wants 
to share a common authentication, authorization and accounting mechanism. In this case, each 
hotspot has its own captive portal which communicates with a remote RADIUS server for AAA 
purposes and its own DHCP server for configuration for the client's network interface. 


5.4.1. Configuration example 
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Figure 102: WGHotSpotManager - Configuration Example 


5.4.2. Project Steps 


Network and Services Planning 

Nonius developed a mini-gateway suitable for this scenario. It includes a DHCP server that 
configures the users' terminals with a private IP address, a Netmask, a default gateway and a 
primary and a secondary DNS server. It also includes a captive portal that captures the first HTTP 
request from a client and redirects the request to an internal page, where the user is prompted to 
insert a username and a password. This data is then forwarded to a WGS200 located in a Central 
Office that check the data versus a database (authentication), sends the reply back to the mini 
gateway and performs the accounting of the service's usage. After authentication and authorization, 
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the client's data is directly routed to the Internet through the ADSL modem, not being forwarded 
any longer to the WGS200. 

When a user wants to logout, he or she may click in the logout button or, if he doesn't do it, the 
WGS200 will log him/her out after a configurable idle period. 

In this type of configuration, the username and password maybe obtained in several possible ways: 

1. The user may obtain a pre-paid card at a local tourist office or any other place; 

2. The user may register himself online and receive the data by e-mail (for free access). 

Wi-Fi Site Survey 

A Wi-Fi site survey has been done in each location where a mini-gateway was installed. 

WGS200 Configuration 

The following parameters were configured at the WGS200: 

• WAN interface - Static IP in the range of the ADSL modem's LAN interface; 

• WAN interface - load balancing: OFF; Failover: OFF. 

• Firewall - IPSec Pass-through: ON, Customer LAN Protection: OFF; 

. DynDNS: ON; 

• Radius server: ON; Enable Any Client Station: ON; Any Client Secret: insert the RADIUS 
secret shared with remote RADIUS clients. 

• Customization - according customer details; 

Training 

One training session was provided to the service administrator. 

• Admin level training: check WGManager admin manual; 

The session included training on the generic info about Wireless Internet. 

Optional training sessions may be provided to every person interested in dealing with the system. 
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5.5. WGEstate 

A Residential Estate with more than 50 flats will, at least in Europe and North America, have nearly 
50 individual connections to the Internet. With the WGEstate solution the same estate can share 
one or two ADSL lines, providing a similar Internet experience to the end user and significantly 
reducing the costs. An improvement in security is also achieved with the WGEstate solution. It is 
possible to configure the Ethernet LAN deployed in the estate to provide a Virtual LAN to every flat, 
avoiding communication between the computers in different flats, even though they share the same 
LAN. 


5.5.1. Configuration example 
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Figure 103: WGEstate - Configuration Example 


5.5.2. Project Steps 
Network and Services Planning 

Two ADSL lines will be used since it is predictable that nearly 50 users may share the Internet 
access, which is a quite heavy load. 

To guarantee that, independently of the number of users accessing the Internet, every application 
is usable for everyone (VoIP applications or video streaming or FTP, etc.), Quality of Service (QoS) 
and Traffic Classification will be enabled. In this way, it is possible to reserve bandwidth for real¬ 
time services such as voice conversations, guaranteeing that even if many users are using, for 
example, peer-to-peer applications, the real-time services will work as expected. 
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Load balancing between the two ADSL lines will also be enabled. In this way, the system will evenly 
distribute the users per ADSL line. For example, if 10 users are connected simultaneously, 5 will use 
ADSL line number 1 and the other 5 will use ADSL line number 2. 

The Fail-over feature will also be enabled. If the WGS200 detects a lack of connection through a 
given ADSL line, it will switch its default gateway to the other line and set all users to use the 
"good" line. The system will then keep monitoring the line that failed and, when communications 
are restored, it will go back to the initial state. 

Finally, the system will provide the users with a limited disk quota for storing personal web pages 
and up to 3 e-mail accounts pe/'flat. 

UTP Cat5 infrastructure will be deployed in the building and, at each user's apartment a wireless 
access point will be installed. One unmanaged switch will also be installed in each floor and there 
will be a main switch connecting the WGS200's LAN interface to every building's infrastructure. 

A more remote building will also be served through a wireless connection between WDS-capable 
access points installed at each building's roof. These access points will be protected by hermetic 
cases, because of weather conditions. 

To increase security, VLAN-capable access points will be used in each flat. It will then be possible to 
configure each access point to use its own VLAN for the client's traffic. The VLANs will be 
terminated at the WGS200. In this way, a user connected to a given access point will not be able to 
reach other user's computers. To protect the traffic in the wireless link, WPA should be used 
between the access point and the end terminals. 

Wi-Fi Site Survey 

A Wi-Fi site survey was done to determine the best location of the access points in each flat to 
maximize the coverage range and minimize the possible radio interferences. 

WGS200 Configuration 

The following parameters were configured at the WGS200: 

• WAN interface - Static IP in the range of the ADSL modems LAN interface; 

• WAN interface - load balancing: ON; Failover: ON. 

• Firewall - IPSec Pass-through: ON, Customer LAN Protection: OFF; 

• VLAN - Enable 802. IQ VLANs: ON; 

• VLAN - Interface: LAN; Type: Bridge; VID: from 2 to as many as required (one perNP)) 

• QoS - Quality of Service - Rate limit: OFF; Traffic classification: ON; 

• Mail server domains - Domain name: insert the URL of the domain you registered for the 
estate. Zoneedit.com Username: zoneedit's username; Zoneedit.com Password: zoneedit's 
password. 
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• Customization - according customer details; 

Training 

One training session was provided to the service administrator. 

• Admin level training: check WGManager admin manual; 

• The session included training on the generic info about Wireless Internet 
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6. Warranty 

Nonius Software provides this documentation without warranty, term, or condition of any kind, 
implied or expressed, including, but not limited to, the implied warranties, terms or conditions of 
merchantability, satisfactory quality, and fitness for a particular purpose. Nonius Software may 
make improvements or changes in the product(s) and/or the program(s) described in this 
documentation at any time. 

Nonius Software provides 2 years of warranty. The WGS200 has labels on both sides, that if 
removed will cause the loss of warranty. 
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7. Licence 

WGS200 has a valid licence just for the hardware which is inside of red box. If you want to change 
something inside, first contact Nonius. 


NoniusSoft, Software e Consultoria para 
Telecomunicagoes, S.A. 
Rua Actor Ferreira da Silva, 100 
4200-298 Porto • Portugal 


Phone: +351 220301520 
Fax: +351 220301521 
E-mail: nonius@noniussoftware.com 
Website: www.noniussoftware.com 


92-96 





NONIUS 


Configuration Guide — V3.4 
WGS200 


COMMUNICATION SYSTEMS MATCHING YOUR NEEDS 


8. Technical Specifications 

Physical Dimensions 

Height: 38mm X width: 148mm X length: 240mm 
Weight: ~ 2Kg 

Power Supply 

Input: 100-240~1A, 

Line Frequency: 50/60Hz 
DC Output: +5V/5A; +12V/1.5A 

Power consumption 

27 Watts Maximum 
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9. Problem Solving 

The most frequent problems in the installation of WGS200 are: 

a) IP Gateway incorrectly configured. 

Ask network administrator, or enable DHCP service on WGS200. Connect a computer with a 
crossover cable to LAN 3, then open your browser in https://192.168.182.1/WGConfiq. after 
login, go to Network>Wan Interface and see the IP Address of your gateway. 

b) Firewall denying traffic to WGS200. 

Check firewall settings or router settings 

c) DNS not correctly configured. 

Ask your ISP Provider. 

9.1. Reset to Factory defaults 

Connect your computer to the WGS200's serial interface, using programs like HyperTerminal or 
Putty. The WGS200 will prompt for a login and password. To make a reset to factory defaults, login 
as user reset, and the password "tal2jfcp". Then Type "Yes". Be aware that this command is not 
reversible and all configuration and data in WGManager's database will be erased too! 



Figure 104: Reset to Factory defaults 



ip: See section Setting Up for management [4.2], in the page 17. 
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10. Upgrading Software 

If you are a Nonius partner, please login to http://www.noniussoftware.com with the credentials that 
have been provided to you and download the most recent updates. Please note that you will only 
find the updates starting from release 3.0.0. If you have an older version of the software (versions 
2.0.28 or below) please get in touch with Nonius for more information. 
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11. Contacts 


NoniusSoft S. A. 

Rua Actor Ferreira da Silva, 100 • 4200-298 Porto • Portugal 
Phone: +351 22 030 15 20 • Fax: +351 22 030 15 21 
Email: support@noniussoftware.com 
sales@noniussoftware.com 
Web site: www.noniussoftware.com 
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